English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 72022 CVE descriptions
and 38680 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58885
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0095
Summary:Redhat Security Advisory RHSA-2007:0095
Description:
The remote host is missing updates announced in
advisory RHSA-2007:0095.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (CVE-2007-0956)

Note that the krb5 telnet daemon is not enabled by default in any version
of Red Hat Enterprise Linux. In addition, the default firewall rules block
remote access to the telnet port. This flaw does not affect the telnet
daemon distributed in the telnet-server package.

For users who have enabled the krb5 telnet daemon and have it accessible
remotely, this update should be applied immediately.

Whilst we are not aware at this time that the flaw is being actively
exploited, we have confirmed that the flaw is very easily exploitable.

This update also fixes two additional security issues:

Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. (CVE-2007-0957)

A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within
glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux
4 and 5 successful exploitation of this issue can only lead to a denial of
service. Applications which use this library in earlier releases of Red
Hat Enterprise Linux may also be affected. (CVE-2007-1216)

All users are advised to update to these erratum packages which contain a
backported fix to correct these issues.

Red Hat would like to thank MIT and iDefense for reporting these
vulnerabilities.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0095.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0956
Bugtraq: 20070403 MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956] (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464590/100/0/threaded
Bugtraq: 20070404 rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464666/100/0/threaded
Bugtraq: 20070405 FLEA-2007-0008-1: krb5 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464814/30/7170/threaded
Debian Security Information: DSA-1276 (Google Search)
http://www.debian.org/security/2007/dsa-1276
http://security.gentoo.org/glsa/glsa-200704-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
http://www.redhat.com/support/errata/RHSA-2007-0095.html
SGI Security Advisory: 20070401-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070401-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1
SuSE Security Announcement: SUSE-SA:2007:025 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
http://www.ubuntu.com/usn/usn-449-1
Cert/CC Advisory: TA07-093B
http://www.us-cert.gov/cas/techalerts/TA07-093B.html
CERT/CC vulnerability note: VU#220816
http://www.kb.cert.org/vuls/id/220816
BugTraq ID: 23281
http://www.securityfocus.com/bid/23281
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10046
http://www.vupen.com/english/advisories/2007/1249
http://www.vupen.com/english/advisories/2007/1218
http://www.securitytracker.com/id?1017848
http://secunia.com/advisories/24706
http://secunia.com/advisories/24736
http://secunia.com/advisories/24757
http://secunia.com/advisories/24740
http://secunia.com/advisories/24750
http://secunia.com/advisories/24755
http://secunia.com/advisories/24785
http://secunia.com/advisories/24786
http://secunia.com/advisories/24817
http://secunia.com/advisories/24735
XForce ISS Database: kerberos-telnet-security-bypass(33414)
http://xforce.iss.net/xforce/xfdb/33414
Common Vulnerability Exposure (CVE) ID: CVE-2007-0957
Bugtraq: 20070403 MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957] (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464592/100/0/threaded
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
Cert/CC Advisory: TA07-109A
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
CERT/CC vulnerability note: VU#704024
http://www.kb.cert.org/vuls/id/704024
BugTraq ID: 23285
http://www.securityfocus.com/bid/23285
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10757
http://www.vupen.com/english/advisories/2007/1250
http://www.vupen.com/english/advisories/2007/1470
http://www.vupen.com/english/advisories/2007/1983
http://www.securitytracker.com/id?1017849
http://secunia.com/advisories/24798
http://secunia.com/advisories/24966
http://secunia.com/advisories/25464
XForce ISS Database: kerberos-krb5klogsyslog-bo(33411)
http://xforce.iss.net/xforce/xfdb/33411
Common Vulnerability Exposure (CVE) ID: CVE-2007-1216
Bugtraq: 20070403 MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216] (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464591/100/0/threaded
HPdes Security Advisory: HPSBUX02217
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056923
HPdes Security Advisory: SSRT071337
CERT/CC vulnerability note: VU#419344
http://www.kb.cert.org/vuls/id/419344
BugTraq ID: 23282
http://www.securityfocus.com/bid/23282
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11135
http://www.vupen.com/english/advisories/2007/1916
http://www.securitytracker.com/id?1017852
http://secunia.com/advisories/25388
XForce ISS Database: kerberos-kadmind-code-execution(33413)
http://xforce.iss.net/xforce/xfdb/33413
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 38680 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.