Detections
Analytics

Mandrake Linux Security Advisory : krb5 (MDKSA-2007:077-1)

high Nessus Plugin ID 24943

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password (CVE-2007-0956).

Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC.
Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-0957).

Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-1216).

Updated packages have been patched to address this issue.

Update :

Packages for Mandriva Linux 2007.1 are now available.

Solution

Update the affected packages.

See Also

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt

Plugin Details

Severity: High

ID: 24943

File Name: mandrake_MDKSA-2007-077.nasl

Version: 1.23

Type: local

Published: 4/5/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ftp-client-krb5, p-cpe:/a:mandriva:linux:ftp-server-krb5, p-cpe:/a:mandriva:linux:krb5-server, p-cpe:/a:mandriva:linux:krb5-workstation, p-cpe:/a:mandriva:linux:lib64krb53, p-cpe:/a:mandriva:linux:lib64krb53-devel, p-cpe:/a:mandriva:linux:libkrb53, p-cpe:/a:mandriva:linux:libkrb53-devel, p-cpe:/a:mandriva:linux:telnet-client-krb5, p-cpe:/a:mandriva:linux:telnet-server-krb5, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/10/2007

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2007-0956, CVE-2007-0957, CVE-2007-1216

BID: 23281, 23282, 23285

CWE: 119

MDKSA: 2007:077-1