 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.71621 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu USN-1520-1 (krb5-admin-server) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to krb5-admin-server announced via advisory USN-1520-1. Details: Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2012-1015) Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014) Simo Sorce discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference a NULL pointer when handling a malformed TGS-REQ message. A remote authenticated attacker could use this to cause a denial of service. (CVE-2012-1013) It was discovered that the kadmin protocol implementation in MIT krb5 did not properly restrict access to the SET_STRING and GET_STRINGS operations. A remote authenticated attacker could use this to expose or modify sensitive information. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1012) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: krb5-admin-server 1.9.1+dfsg-1ubuntu2.3 krb5-kdc 1.9.1+dfsg-1ubuntu2.3 krb5-kdc-ldap 1.9.1+dfsg-1ubuntu2.3 Ubuntu 11.04: krb5-admin-server 1.8.3+dfsg-5ubuntu2.3 krb5-kdc 1.8.3+dfsg-5ubuntu2.3 krb5-kdc-ldap 1.8.3+dfsg-5ubuntu2.3 Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.11 krb5-kdc 1.8.1+dfsg-2ubuntu0.11 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.11 http://www.securityspace.com/smysecure/catid.html?in=USN-1520-1 CVSS Score: 9.3 CVSS Vector: AV:L/AC:H/Au:NR/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-1015 Debian Security Information: DSA-2518 (Google Search) http://www.debian.org/security/2012/dsa-2518 http://www.mandriva.com/security/advisories?name=MDVSA-2012:120 RedHat Security Advisories: RHSA-2012:1131 http://rhn.redhat.com/errata/RHSA-2012-1131.html SuSE Security Announcement: openSUSE-SU-2012:0967 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-08/msg00016.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1014 Common Vulnerability Exposure (CVE) ID: CVE-2012-1013 BugTraq ID: 53784 http://www.securityfocus.com/bid/53784 http://www.mandriva.com/security/advisories?name=MDVSA-2012:102 http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.html SuSE Security Announcement: openSUSE-SU-2012:0834 (Google Search) https://hermes.opensuse.org/messages/15083635 Common Vulnerability Exposure (CVE) ID: CVE-2012-1012 |
| Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |