Mandrake Linux Security Advisory : krb5 (MDKSA-2003:043-1)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been found in the Kerberos network
authentication system. The MIT Kerberos team has released an advisory
detailing these vulnerabilities, a description of which follows.

An integer signedness error in the ASN.1 decoder before version 1.2.5
allows remote attackers to cause a crash of the server via a large
unsigned data element length, which is later used as a negative value
(CVE-2002-0036). Mandrake Linux 9.0+ is not affected by this problem.

Vulnerabilities have been found in the RPC library used by the kadmin
service. A faulty length check in the RPC library exposes kadmind to
an integer overflow which can be used to crash kadmind
(CVE-2003-0028).

The KDC (Key Distribution Center) before version 1.2.5 allows remote,
authenticated attackers to cause a crash on KDCs within the same realm
using a certain protocol that causes a null dereference
(CVE-2003-0058). Mandrake Linux 9.0+ is not affected by this problem.

Users from one realm can impersonate users in other realms that have
the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and
earlier (CVE-2003-0059). Mandrake Linux 9.0+ is not affected by this
problem.

The KDC allows remote, authenticated users to cause a crash on KDCs
within the same realm using a certain protocol request that causes an
out-of-bounds read of an array (CVE-2003-0072).

The KDC allows remote, authenticated users to cause a crash on KDCs
within the same realm using a certain protocol request that causes the
KDC to corrupt its heap (CVE-2003-0082).

Vulnerabilities have been discovered in the Kerberos IV authentication
protocol which allow an attacker with knowledge of a cross-realm key,
which is shared in another realm, to impersonate a principal in that
realm to any service in that realm. This vulnerability can only be
closed by disabling cross-realm authentication in Kerberos IV
(CVE-2003-0138).

Vulnerabilities have been discovered in the support for triple-DES
keys in the Kerberos IV authentication protocol which is included in
MIT Kerberos (CVE-2003-0139).

MandrakeSoft encourages all users to upgrade to these updated packages
immediately which contain patches to correct all of the previously
noted vulnerabilities. These packages also disable Kerberos IV
cross-realm authentication by default.

Update :

The packages for Mandrake Linux 9.1 and 9.1/PPC were not GPG-signed.
This has been fixed and as a result the md5sums have changed. Thanks
to Mark Lyda for pointing this out.

See also :

http://www.nessus.org/u?d4ced782
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
http://www.nessus.org/u?49b852e4
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14027 (mandrake_MDKSA-2003-043.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0036
CVE-2003-0028
CVE-2003-0058
CVE-2003-0059
CVE-2003-0072
CVE-2003-0082
CVE-2003-0138
CVE-2003-0139
