Test ID:	1.3.6.1.4.1.25623.1.0.891265
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-1265-1)
Summary:	The remote host is missing an update for the Debian 'krb5' package(s) announced via the DLA-1265-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'krb5' package(s) announced via the DLA-1265-1 advisory. Vulnerability Insight: Kerberos, a system for authenticating users and services on a network, was affected by several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2013-1418 Kerberos allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request when multiple realms are configured. CVE-2014-5351 Kerberos sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. CVE-2014-5353 When the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. CVE-2014-5355 Kerberos expects that a krb5_read_message data field is represented as a string ending with a '0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '0' character, CVE-2016-3119 Kerberos allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. CVE-2016-3120 Kerberos allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. For Debian 7 Wheezy, these problems have been fixed in version 1.10.1+dfsg-5+deb7u9. We recommend that you upgrade your krb5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'krb5' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1418 BugTraq ID: 63555 http://www.securityfocus.com/bid/63555 https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html SuSE Security Announcement: openSUSE-SU-2013:1738 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html SuSE Security Announcement: openSUSE-SU-2013:1751 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html SuSE Security Announcement: openSUSE-SU-2013:1833 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html Common Vulnerability Exposure (CVE) ID: CVE-2014-5351 BugTraq ID: 70380 http://www.securityfocus.com/bid/70380 http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html http://security.gentoo.org/glsa/glsa-201412-53.xml http://www.mandriva.com/security/advisories?name=MDVSA-2014:224 http://www.securitytracker.com/id/1031003 SuSE Security Announcement: SUSE-SU-2015:0290 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html SuSE Security Announcement: openSUSE-SU-2015:0255 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html http://www.ubuntu.com/usn/USN-2498-1 XForce ISS Database: kerberos-cve20145351-sec-bypass(97028) https://exchange.xforce.ibmcloud.com/vulnerabilities/97028 Common Vulnerability Exposure (CVE) ID: CVE-2014-5353 BugTraq ID: 71679 http://www.securityfocus.com/bid/71679 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:009 RedHat Security Advisories: RHSA-2015:0439 http://rhn.redhat.com/errata/RHSA-2015-0439.html RedHat Security Advisories: RHSA-2015:0794 http://rhn.redhat.com/errata/RHSA-2015-0794.html http://www.securitytracker.com/id/1031376 SuSE Security Announcement: openSUSE-SU-2015:0542 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html Common Vulnerability Exposure (CVE) ID: CVE-2014-5355 BugTraq ID: 74042 http://www.securityfocus.com/bid/74042 http://www.mandriva.com/security/advisories?name=MDVSA-2015:069 http://www.ubuntu.com/usn/USN-2810-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-3119 BugTraq ID: 85392 http://www.securityfocus.com/bid/85392 RedHat Security Advisories: RHSA-2016:2591 http://rhn.redhat.com/errata/RHSA-2016-2591.html http://www.securitytracker.com/id/1035399 SuSE Security Announcement: openSUSE-SU-2016:0947 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html SuSE Security Announcement: openSUSE-SU-2016:1072 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3120 BugTraq ID: 92132 http://www.securityfocus.com/bid/92132 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/ http://www.securitytracker.com/id/1036442 SuSE Security Announcement: openSUSE-SU-2016:2268 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.