Description: The remote host is missing an update to krb5 announced via advisory USN-1062-1.
Details follow:
Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial of service attack due to improper logic when a worker child process exited because of invalid network input. This could only occur when kpropd was running in standalone mode; kpropd was not affected when running in incremental propagation mode (iprop) or as an inetd server. This issue only affects Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-4022)
Kevin Longfellow and others discovered that the MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks when using an LDAP back end due to improper handling of network input. (CVE-2011-0281, CVE-2011-0282)
Solution: The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS: krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.8
Ubuntu 9.10: krb5-kdc 1.7dfsg~beta3-1ubuntu0.9, krb5-kdc-ldap 1.7dfsg~beta3-1ubuntu0.9
Ubuntu 10.04 LTS: krb5-kdc 1.8.1+dfsg-2ubuntu0.6, krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.6
Ubuntu 10.10: krb5-kdc 1.8.1+dfsg-5ubuntu0.4, krb5-kdc-ldap 1.8.1+dfsg-5ubuntu0.4
In general, a standard system update will make all the necessary changes.
http://www.securityspace.com/smysecure/catid.html?in=USN-1062-1
Risk factor : Medium
CVSS Score: 5.0