Kerberos 5 < 1.3.5 Multiple Vulnerabilities

high Nessus Plugin ID 11512

Synopsis

It may be possible to execute arbitrary code on the remote Kerberos server.

Description

The remote host is running Kerberos 5.

There are multiple flaws that affect this product. Make sure you are running the latest version with the latest patches.

Note that Nessus could not check for any of the flaws and solely relied on the presence of the service to issue an alert, so this might be a false positive.

Solution

Upgrade to Kerberos 5 (krb5) 1.3.5 or later.

See Also

http://www.nessus.org/u?34bb0fc8

Plugin Details

Severity: High

ID: 11512

File Name: kerberos5_issues.nasl

Version: 1.26

Type: remote

Family: Misc.

Published: 4/3/2003

Updated: 7/12/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 8/31/2004

Vulnerability Publication Date: 8/31/2004

Reference Information

CVE: CVE-2002-0036, CVE-2003-0059, CVE-2003-0060, CVE-2003-0072, CVE-2003-0082, CVE-2003-0138, CVE-2003-0139, CVE-2004-0642, CVE-2004-0643, CVE-2004-0644, CVE-2004-0772

BID: 6712, 6713, 6714, 7184, 7185, 11078, 11079

CWE: 119

RHSA: 2003:091-01