Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871327
Category:Red Hat Local Security Checks
Title:RedHat Update for krb5 RHSA-2015:0439-01
Summary:The remote host is missing an update for the 'krb5'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'krb5'
package(s) announced via the referenced advisory.

Vulnerability Insight:
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
acceptor for continuation tokens. A remote, unauthenticated attacker could
use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)

A buffer overflow was found in the KADM5 administration server (kadmind)
when it was used with an LDAP back end for the KDC database. A remote,
authenticated attacker could potentially use this flaw to execute arbitrary
code on the system running kadmind. (CVE-2014-4345)

A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5
library processed valid context deletion tokens. An attacker able to make
an application using the GSS-API library (libgssapi) call the
gss_process_context_token() function could use this flaw to crash that
application. (CVE-2014-5352)

If kadmind were used with an LDAP back end for the KDC database, a remote,
authenticated attacker with the permissions to set the password policy
could crash kadmind by attempting to use a named ticket policy object as a
password policy for a principal. (CVE-2014-5353)

A double-free flaw was found in the way MIT Kerberos handled invalid
External Data Representation (XDR) data. An authenticated user could use
this flaw to crash the MIT Kerberos administration server (kadmind), or
other applications using Kerberos libraries, using specially crafted XDR
packets. (CVE-2014-9421)

It was found that the MIT Kerberos administration server (kadmind)
incorrectly accepted certain authentication requests for two-component
server principal names. A remote attacker able to acquire a key with a
particularly named principal (such as 'kad/x') could use this flaw to
impersonate any user to kadmind, and perform administrative actions as that
user. (CVE-2014-9422)

An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS
implementation (libgssrpc) handled certain requests. An attacker could send
a specially crafted request to an application using libgssrpc to disclose a
limited portion of uninitialized memory used by that application.
(CVE-2014-9423)

Two buffer over-read flaws were found in the way MIT Kerberos handled
certain requests. A remote, unauthenticated attacker able to inject packets
into a client or server application's GSSAPI session could use either of
these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342)

A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An
attacker able to spoof packets to appear as though they are from an GSSAPI
acceptor could use this flaw to crash a client application that uses MIT
Kerberos. (CVE-2014-4343)

Re ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
krb5 on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-4341
BugTraq ID: 68909
http://www.securityfocus.com/bid/68909
Debian Security Information: DSA-3000 (Google Search)
http://www.debian.org/security/2014/dsa-3000
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
RedHat Security Advisories: RHSA-2015:0439
http://rhn.redhat.com/errata/RHSA-2015-0439.html
http://www.securitytracker.com/id/1030706
http://secunia.com/advisories/59102
http://secunia.com/advisories/60082
http://secunia.com/advisories/60448
XForce ISS Database: mit-kerberos-cve20144341-dos(94904)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94904
Common Vulnerability Exposure (CVE) ID: CVE-2014-4342
BugTraq ID: 68908
http://www.securityfocus.com/bid/68908
XForce ISS Database: mit-kerberos-cve20144342-dos(94903)
https://exchange.xforce.ibmcloud.com/vulnerabilities/94903
Common Vulnerability Exposure (CVE) ID: CVE-2014-4343
BugTraq ID: 69159
http://www.securityfocus.com/bid/69159
http://www.osvdb.org/109390
http://secunia.com/advisories/61052
XForce ISS Database: kerberos-cve20144343-dos(95211)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95211
Common Vulnerability Exposure (CVE) ID: CVE-2014-4344
BugTraq ID: 69160
http://www.securityfocus.com/bid/69160
http://www.osvdb.org/109389
http://secunia.com/advisories/61051
XForce ISS Database: kerberos-cve20144344-dos(95210)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95210
Common Vulnerability Exposure (CVE) ID: CVE-2014-4345
BugTraq ID: 69168
http://www.securityfocus.com/bid/69168
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
http://www.osvdb.org/109908
RedHat Security Advisories: RHSA-2014:1255
http://rhn.redhat.com/errata/RHSA-2014-1255.html
http://www.securitytracker.com/id/1030705
http://secunia.com/advisories/59415
http://secunia.com/advisories/59993
http://secunia.com/advisories/60535
http://secunia.com/advisories/60776
http://secunia.com/advisories/61314
http://secunia.com/advisories/61353
SuSE Security Announcement: SUSE-SU-2014:1028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
SuSE Security Announcement: openSUSE-SU-2014:1043 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
XForce ISS Database: kerberos-cve20144345-bo(95212)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
Common Vulnerability Exposure (CVE) ID: CVE-2014-5352
BugTraq ID: 72495
http://www.securityfocus.com/bid/72495
Debian Security Information: DSA-3153 (Google Search)
http://www.debian.org/security/2015/dsa-3153
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
RedHat Security Advisories: RHSA-2015:0794
http://rhn.redhat.com/errata/RHSA-2015-0794.html
SuSE Security Announcement: SUSE-SU-2015:0257 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html
SuSE Security Announcement: SUSE-SU-2015:0290 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
SuSE Security Announcement: openSUSE-SU-2015:0255 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
http://www.ubuntu.com/usn/USN-2498-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-5353
BugTraq ID: 71679
http://www.securityfocus.com/bid/71679
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:009
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
http://www.securitytracker.com/id/1031376
SuSE Security Announcement: openSUSE-SU-2015:0542 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9421
BugTraq ID: 72496
http://www.securityfocus.com/bid/72496
Common Vulnerability Exposure (CVE) ID: CVE-2014-9422
BugTraq ID: 72494
http://www.securityfocus.com/bid/72494
Common Vulnerability Exposure (CVE) ID: CVE-2014-9423
BugTraq ID: 72503
http://www.securityfocus.com/bid/72503
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.