OracleVM 2.2 : krb5 (OVMSA-2011-0015)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Fix for (CVE-2011-4862)

- incorporate a fix to teach the file labeling bits about
when replay caches are expunged (#712453)

- rebuild

- ftp: handle larger command inputs (#665833)

- don't bail halfway through an unlock operation when the
result will be discarded and the end-result not cleaned
up (Martin Osvald, #586032)

- add a versioned dependency between krb5-server-ldap and
krb5-libs (internal tooling)

- don't discard the error code from an error message
received in response to a change-password request
(#658871, RT#6893)

- ftpd: add patch from Jatin Nansi to correctly match
restrict lines in /etc/ftpusers (#644215, RT#6889)

- ftp: add modified patch from Rogan Kyuseok Lee to report
the number of bytes transferred correctly when
transferring large files on 32-bit systems (#648404)

- backport fix for RT#6514: memory leak freeing rcache
type none (#678205)

- add upstream patch to fix hang or crash in the KDC when
using the LDAP kdb backend (CVE-2011-0281,
CVE-2011-0282, #671097)

- incorporate upstream patch for checksum acceptance
issues from MITKRB5-SA-2010-007 (CVE-2010-1323, #652308)

- backport a fix to the previous change (#539423)

- backport the k5login_directory and k5login_authoritative
settings (#539423)

- krshd: don't limit user names to 16 chars when utmp can
handle names at least a bit longer than that (#611713)

- fix a logic bug in computing key expiration times
(RT#6762, #627038)

- correct the post-rotate scriptlet in the kadmind
logrotate config (more of #462658)

- ftpd: backport changes to modify behavior to match
telnetd, rshd, rlogind and accept GSSAPI auth to any
service for which we have a matching key (#538075)

- pull in fix for RT#5551 to treat the referral realm when
seen in a ticket as though it were the local realm
(#498554, also very likely #450122)

- add aes256-cts:normal and aes128-cts:normal to the list
of keysalts in the default kdc.conf (part of #565941)

- add a note to kdc.conf(5) pointing to the admin guide
for the list of recognized key and salt types (the rest
of #565941)

- add logrotate configuration files for krb5kdc and
kadmind (#462658)

- libgssapi: backport patch from svn to stop returning
context-expired errors when the ticket which was used to
set up the context expires (#605367, upstream #6739)

- enable building the -server-ldap subpackage (#514362)

- stop caring about the endianness of stash files
(#514741), which will be replaced by proper keytab files
in later releases

- don't crash in krb5_get_init_creds_password if the
passed-in options struct is NULL and the client's keys
have expired (#555875)

- ksu: perform PAM account and session management before
dropping privileges to those of the target user (#540769
and #596887, respectively)

- add candidate patch to correct libgssapi null pointer
dereference which could be triggered by malformed client
requests (CVE-2010-1321, #583704)

- fix a null pointer dereference and crash introduced in
our PAM patch that would happen if ftpd was given the
name of a user who wasn't known to the local system,
limited to being triggerable by gssapi-authenticated
clients by the default xinetd config (Olivier Fourdan,
#569472)

- add upstream patch to fix a few use-after-free bugs,
including one in kadmind (CVE-2010-0629, #578186)

- merge patch to correct KDC integer overflows which could
be triggered by malformed RC4 and AES ciphertexts
(CVE-2009-4212, #546348)

- pull changes to libkrb5 to properly handle and chase
off-path referrals back from 1.7 (#546538)

- add an auth stack to ksu's PAM configuration so that it
can successfully pam_setcred

- also set PAM_RUSER in ksu for completeness
(#479071+#477033)

- fix various typos, except for bits pertaining to
licensing (#499190)

- kdb5_util: when renaming a database, if the new name's
associated lock files don't exist, go ahead and create
them (#442879)

- ksu: perform PAM account and session management for the
target user; authentication is still performed as before
(#477033)

- fix typo in ksu's reporting of errors getting credentials
(#462890)

- kadmind.init: stop setting up a keytab, as kadmind's been
able to use the database directly for a while now
(#473151)

- pull up patch to set PAM_RHOST (James Leddy, #479071)

See also :

http://www.nessus.org/u?783bc3a1

Solution :

Update the affected krb5-libs / krb5-workstation packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79475

Bugtraq ID: 37749, 39247, 40235, 45118, 46265, 46271, 51182

CVE ID: CVE-2009-4212, CVE-2010-0629, CVE-2010-1321, CVE-2010-1323, CVE-2011-0281, CVE-2011-0282, CVE-2011-4862
