FreeBSD : krb5 -- multiple checksum handling vulnerabilities (0d57c1d9-03f4-11e0-bf50-001a926c7637)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The MIT Kerberos team reports :

MIT krb incorrectly accepts an unkeyed checksum with DES session keys
for version 2 (RFC 4121) of the GSS-API krb5 mechanism.

An unauthenticated remote attacker can forge GSS tokens that are
intended to be integrity-protected but unencrypted, if the targeted
pre-existing application session uses a DES session key.

MIT krb5 KDC incorrectly accepts RFC 3961 key-derivation checksums
using RC4 keys when verifying the req-checksum in a KrbFastArmoredReq.

An unauthenticated remote attacker has a 1/256 chance of swapping a
client-issued KrbFastReq into a different KDC-REQ, if the armor key is
RC4. The consequences are believed to be minor.

See also :

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://www.nessus.org/u?326f4b8a

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 51100 ()

Bugtraq ID: 45116

CVE ID: CVE-2010-1324

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now