EulerOS 2.0 SP1 : krb5 (EulerOS-SA-2016-1076)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the krb5 packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :

- A NULL pointer dereference flaw was found in MIT
Kerberos kadmind service. An authenticated attacker
with permission to modify a principal entry could use
this flaw to cause kadmind to dereference a NULL
pointer and crash by supplying an empty DB argument to
the modify_principal command, if kadmind was configured
to use the LDAP KDB module. (CVE-2016-3119)

- A NULL pointer dereference flaw was found in MIT
Kerberos krb5kdc service. An authenticated attacker
could use this flaw to cause krb5kdc to dereference a
NULL pointer and crash by making an S4U2Self request,
if the restrict_anonymous_to_tgt option was set to
true.(CVE-2016-3120)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?bfb7adce

Solution :

Update the affected krb5 packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Huawei Local Security Checks

Nessus Plugin ID: 99836 ()

Bugtraq ID:

CVE ID: CVE-2016-3119
CVE-2016-3120

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now