NewStart CGSL MAIN 6.06 : krb5 Multiple Vulnerabilities (NS-SA-2025-0215)

Nessus Plugin ID 266225 (Severity: Critical)

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has krb5 packages installed that are affected by multiple vulnerabilities:

- plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat. (CVE-2017-15088)

- The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition. (CVE-2011-0285)

- schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. (CVE-2002-2443)

- The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. (CVE-2006-3084)

- The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. (CVE-2006-6143)
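The CVE-2002-2443 item above describes a classic UDP ping-pong: a kpasswd server answers a forged datagram with an error reply, the spoofed source is another kpasswd server (or itself), and that server answers the error with an error of its own. The following is an added illustration, not krb5 code and not the upstream fix; it models the change-password framing from RFC 3244 (2-byte length, 2-byte version, 2-byte AP-REQ length, AP-REQ, KRB-PRIV; error replies carry an AP-REP length of 0) and shows why a server that answers only well-framed requests cannot be drawn into the loop. The AP-REQ, KRB-PRIV and KRB-ERROR payloads are constructed opaque bytes, and the source-port rule in hardened_policy is an extra assumption of this example.

```python
"""
Framing checks for the Kerberos change-password service (kpasswd, UDP/464,
RFC 3244) that decide whether a datagram deserves any reply at all.

Added example: not krb5 code and not the upstream fix for CVE-2002-2443.
Wire layout, big-endian:  msg_len(2) | version(2) | ap_req_len(2) | AP-REQ | KRB-PRIV
A reply reuses the header with an AP-REP length; an error reply sets that
length to 0 and carries a KRB-ERROR. The rule here: only a datagram that
parses as a request is answered. An error reply can never parse as a request
because its AP-REP length is 0, so two servers cannot bounce errors forever.
"""
from __future__ import annotations

import struct

KPASSWD_PORT = 464
VERSION_CHANGEPW = 0x0001   # original change-password protocol version
VERSION_SETPW = 0xFF80      # Microsoft set-password extension, also valid per RFC 3244
HEADER = struct.Struct("!HHH")

# Constructed opaque payloads standing in for DER-encoded Kerberos messages.
SAMPLE_AP_REQ = b"\x6e" + bytes(range(24))
SAMPLE_KRB_PRIV = b"\x75" + bytes(range(32))
SAMPLE_KRB_ERROR = b"\x7e" + bytes(range(16))


class Malformed(ValueError):
    """The datagram is not a well-framed change-password request."""


def build_request(version: int, ap_req: bytes, krb_priv: bytes) -> bytes:
    body = ap_req + krb_priv
    return HEADER.pack(HEADER.size + len(body), version, len(ap_req)) + body


def build_error_reply(version: int, krb_error: bytes) -> bytes:
    """Error reply: same header shape, AP-REP length 0, then the KRB-ERROR."""
    return HEADER.pack(HEADER.size + len(krb_error), version, 0) + krb_error


def parse_request(datagram: bytes) -> tuple[int, bytes, bytes]:
    """Return (version, ap_req, krb_priv) or raise Malformed."""
    if len(datagram) < HEADER.size:
        raise Malformed("shorter than the 6-byte header")
    msg_len, version, ap_req_len = HEADER.unpack_from(datagram)
    if msg_len != len(datagram):
        raise Malformed("length field %d != datagram length %d" % (msg_len, len(datagram)))
    if version not in (VERSION_CHANGEPW, VERSION_SETPW):
        raise Malformed("unknown protocol version 0x%04x" % version)
    if ap_req_len == 0:
        raise Malformed("AP-REQ length 0: shape of an error reply, not a request")
    if HEADER.size + ap_req_len >= msg_len:
        raise Malformed("AP-REQ overruns the datagram or leaves no room for KRB-PRIV")
    ap_req = datagram[HEADER.size:HEADER.size + ap_req_len]
    krb_priv = datagram[HEADER.size + ap_req_len:]
    return version, ap_req, krb_priv


def naive_policy(datagram: bytes, src_port: int) -> tuple[str, bytes | None]:
    """Pre-fix behaviour as the CVE text describes it: anything that fails to
    parse is answered with an error reply to whatever source the packet claims."""
    try:
        parse_request(datagram)
        return "process", None
    except Malformed:
        return "error", build_error_reply(VERSION_CHANGEPW, SAMPLE_KRB_ERROR)


def hardened_policy(datagram: bytes, src_port: int) -> tuple[str, bytes | None]:
    """Drop silently on any framing failure. The source-port rule is an extra
    assumption of this example: clients use ephemeral ports, so a datagram
    arriving from 464 is another kpasswd server or a spoofed packet."""
    if src_port == KPASSWD_PORT:
        return "drop", None
    try:
        parse_request(datagram)
        return "process", None
    except Malformed:
        return "drop", None


def simulate_ping_pong(policy, forged: bytes, max_rounds: int = 20) -> int:
    """Attacker sends `forged` to server A with the source spoofed to server
    B's port 464; every error reply is delivered to the other server as if it
    came from port 464. Returns the number of replies exchanged before a
    server stayed silent, capped at max_rounds."""
    pkt, replies = forged, 0
    while pkt is not None and replies < max_rounds:
        action, reply = policy(pkt, KPASSWD_PORT)
        pkt = reply if action == "error" else None
        if pkt is not None:
            replies += 1
    return replies


if __name__ == "__main__":
    # 4-byte datagram: consistent length field, version 1, nothing else.
    forged = b"\x00\x04\x00\x01"
    print("naive servers exchanged", simulate_ping_pong(naive_policy, forged), "replies (capped)")
    print("hardened servers exchanged", simulate_ping_pong(hardened_policy, forged), "replies")
    req = build_request(VERSION_CHANGEPW, SAMPLE_AP_REQ, SAMPLE_KRB_PRIV)
    print("genuine request from an ephemeral port:", hardened_policy(req, 50123)[0])
```

With the naive policy the simulation runs to the cap (20 replies), because each error reply fails to parse as a request and is itself answered with an error; with the hardened policy no reply is ever sent for the forged datagram, while a properly framed request from an ephemeral port is still passed on for AP-REQ processing. Checking the framing before deciding to respond is the point; verifying the AP-REQ itself is outside this example.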

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL krb5 packages. Note that updated packages may not be available yet. Please contact ZTE for more information.
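Because the plugin decides purely from the installed package versions (it reads the host's RPM list rather than probing the services), the same decision can be reproduced locally once ZTE publishes fixed package versions. The following added example is not Nessus or ZTE code: it re-implements RPM's version comparison (librpm's rpmvercmp rules, including the '~' and '^' separators), parses `rpm -qa` style entries, and flags the krb5 packages named in the plugin's CPE list whose epoch:version-release is older than a fixed value. The sample package list and the FIXED versions are constructed placeholders, since the advisory does not publish fixed NVRs.

```python
"""
Local version check in the spirit of the plugin's test: read an `rpm -qa`
style package list and compare each krb5 package's epoch:version-release
against a fixed one using RPM's own comparison rules.

Added example, not Nessus or ZTE code. The FIXED values are PLACEHOLDERS;
substitute the NVRs ZTE actually ships for CGSL MAIN 6.06.
"""
from __future__ import annotations

import re

# rpmvercmp segments: runs of digits, runs of letters, and the special '~' and
# '^' characters. Every other character is a separator and is skipped.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two version or release strings like rpm does.
    Numeric segments compare as integers, alpha segments lexically, and a
    numeric segment outranks an alpha one ("2.0" > "2a"). '~' sorts below
    anything including end of string ("1.0~rc1" < "1.0"); '^' sorts above end
    of string but below any real segment ("1.0" < "1.0^post1" < "1.0.1")."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        xa = sa[i] if i < len(sa) else ""
        xb = sb[i] if i < len(sb) else ""
        if xa == "~" or xb == "~":
            if xa != "~":
                return 1
            if xb != "~":
                return -1
            continue
        if xa == "^" or xb == "^":
            if xa == "":
                return -1
            if xb == "":
                return 1
            if xa != "^":
                return 1
            if xb != "^":
                return -1
            continue
        if xa == "":
            return -1
        if xb == "":
            return 1
        na, nb = xa.isdigit(), xb.isdigit()
        if na != nb:
            return 1 if na else -1
        if na:
            ia, ib = int(xa), int(xb)
            if ia != ib:
                return 1 if ia > ib else -1
        elif xa != xb:
            return 1 if xa > xb else -1
    return 0


def parse_evr(evr: str) -> tuple[int, str, str]:
    """'epoch:version-release' -> (epoch, version, release); epoch defaults to 0."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two epoch:version-release strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def split_nvra(entry: str) -> tuple[str, str, str, str]:
    """'name-version-release.arch' as printed by `rpm -qa` -> (name, version, release, arch).
    Version and release cannot contain '-', so splitting on the last two hyphens is
    safe for hyphenated names such as krb5-libs. An 'epoch:' prefix on the version
    (from a custom --qf) is carried through to evr_cmp; otherwise epoch is taken as 0."""
    nvr, _, arch = entry.rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def vulnerable_packages(rpm_list: str, fixed: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (name, installed EVR, fixed EVR) for every listed package that is
    in `fixed` and older than its fixed EVR. Packages not in `fixed` are ignored."""
    findings = []
    for line in rpm_list.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version, release, _arch = split_nvra(line)
        installed = f"{version}-{release}"
        if name in fixed and evr_cmp(installed, fixed[name]) < 0:
            findings.append((name, installed, fixed[name]))
    return findings


# Constructed sample in `rpm -qa` output format; not taken from a real CGSL host.
SAMPLE_RPM_LIST = """\
krb5-libs-1.15.1-50.x86_64
libkadm5-1.15.1-50.x86_64
krb5-devel-1.15.1-51.x86_64
krb5-workstation-1.15.1-50.x86_64
bash-4.4.20-1.x86_64
"""

# PLACEHOLDER fixed EVRs for the packages in the plugin's CPE list.
FIXED = {"krb5-libs": "1.15.1-51", "libkadm5": "1.15.1-51", "krb5-devel": "1.15.1-51"}

if __name__ == "__main__":
    for name, have, want in vulnerable_packages(SAMPLE_RPM_LIST, FIXED):
        print(f"{name}: installed {have} is older than fixed {want}")
```

Run against the constructed list, krb5-libs and libkadm5 are reported and krb5-devel is not, because its release already equals the placeholder fix; krb5-workstation is skipped because it is not in the CPE list the plugin checks. Segment-wise comparison matters here: a plain string comparison would rank release 9 above release 10 and a pre-release such as 1.15.1~rc1 above 1.15.1.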

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0215

https://security.gd-linux.com/info/CVE-2002-2443

https://security.gd-linux.com/info/CVE-2006-3084

https://security.gd-linux.com/info/CVE-2006-6143

https://security.gd-linux.com/info/CVE-2006-6144

https://security.gd-linux.com/info/CVE-2007-0956

https://security.gd-linux.com/info/CVE-2007-0957

https://security.gd-linux.com/info/CVE-2007-1216

https://security.gd-linux.com/info/CVE-2007-2442

https://security.gd-linux.com/info/CVE-2007-2443

https://security.gd-linux.com/info/CVE-2007-2798

https://security.gd-linux.com/info/CVE-2007-3999

https://security.gd-linux.com/info/CVE-2007-4000

https://security.gd-linux.com/info/CVE-2007-4743

https://security.gd-linux.com/info/CVE-2007-5901

https://security.gd-linux.com/info/CVE-2007-5971

https://security.gd-linux.com/info/CVE-2008-0062

https://security.gd-linux.com/info/CVE-2008-0063

https://security.gd-linux.com/info/CVE-2008-0947

https://security.gd-linux.com/info/CVE-2009-0844

https://security.gd-linux.com/info/CVE-2009-0845

https://security.gd-linux.com/info/CVE-2009-0846

https://security.gd-linux.com/info/CVE-2009-0847

https://security.gd-linux.com/info/CVE-2009-3295

https://security.gd-linux.com/info/CVE-2009-4212

https://security.gd-linux.com/info/CVE-2010-0283

https://security.gd-linux.com/info/CVE-2010-0628

https://security.gd-linux.com/info/CVE-2010-1320

https://security.gd-linux.com/info/CVE-2010-1321

https://security.gd-linux.com/info/CVE-2010-1322

https://security.gd-linux.com/info/CVE-2010-4022

https://security.gd-linux.com/info/CVE-2011-0281

https://security.gd-linux.com/info/CVE-2011-0282

https://security.gd-linux.com/info/CVE-2011-0283

https://security.gd-linux.com/info/CVE-2011-0284

https://security.gd-linux.com/info/CVE-2011-0285

https://security.gd-linux.com/info/CVE-2011-1527

https://security.gd-linux.com/info/CVE-2011-1528

https://security.gd-linux.com/info/CVE-2011-1529

https://security.gd-linux.com/info/CVE-2011-1530

https://security.gd-linux.com/info/CVE-2012-1012

https://security.gd-linux.com/info/CVE-2012-1014

https://security.gd-linux.com/info/CVE-2012-1015

https://security.gd-linux.com/info/CVE-2013-1418

https://security.gd-linux.com/info/CVE-2013-6800

https://security.gd-linux.com/info/CVE-2014-4341

https://security.gd-linux.com/info/CVE-2014-4342

https://security.gd-linux.com/info/CVE-2014-4343

https://security.gd-linux.com/info/CVE-2014-4344

https://security.gd-linux.com/info/CVE-2014-4345

https://security.gd-linux.com/info/CVE-2014-5351

https://security.gd-linux.com/info/CVE-2014-5352

https://security.gd-linux.com/info/CVE-2014-5353

https://security.gd-linux.com/info/CVE-2014-5354

https://security.gd-linux.com/info/CVE-2014-5355

https://security.gd-linux.com/info/CVE-2014-9421

https://security.gd-linux.com/info/CVE-2014-9422

https://security.gd-linux.com/info/CVE-2014-9423

https://security.gd-linux.com/info/CVE-2015-2694

https://security.gd-linux.com/info/CVE-2015-2695

https://security.gd-linux.com/info/CVE-2015-2696

https://security.gd-linux.com/info/CVE-2015-2697

https://security.gd-linux.com/info/CVE-2015-2698

https://security.gd-linux.com/info/CVE-2015-8629

https://security.gd-linux.com/info/CVE-2015-8630

https://security.gd-linux.com/info/CVE-2015-8631

https://security.gd-linux.com/info/CVE-2016-3119

https://security.gd-linux.com/info/CVE-2016-3120

https://security.gd-linux.com/info/CVE-2017-11368

https://security.gd-linux.com/info/CVE-2017-11462

https://security.gd-linux.com/info/CVE-2017-15088

https://security.gd-linux.com/info/CVE-2018-5729

https://security.gd-linux.com/info/CVE-2018-5730

https://security.gd-linux.com/info/CVE-2020-28196

Plugin Details

Severity: Critical

ID: 266225

File Name: newstart_cgsl_NS-SA-2025-0215_krb5.nasl

Version: 1.1

Type: local

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-0285

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2017-15088

Vulnerability Information

CPE: cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:krb5-libs, p-cpe:/a:zte:cgsl_main:libkadm5, p-cpe:/a:zte:cgsl_main:krb5-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 8/8/2006

Reference Information

CVE: CVE-2002-2443, CVE-2006-3084, CVE-2006-6143, CVE-2006-6144, CVE-2007-0956, CVE-2007-0957, CVE-2007-1216, CVE-2007-2442, CVE-2007-2443, CVE-2007-2798, CVE-2007-3999, CVE-2007-4000, CVE-2007-4743, CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947, CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0628, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2012-1012, CVE-2012-1014, CVE-2012-1015, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345, CVE-2014-5351, CVE-2014-5352, CVE-2014-5353, CVE-2014-5354, CVE-2014-5355, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423, CVE-2015-2694, CVE-2015-2695, CVE-2015-2696, CVE-2015-2697, CVE-2015-2698, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631, CVE-2016-3119, CVE-2016-3120, CVE-2017-11368, CVE-2017-11462, CVE-2017-15088, CVE-2018-5729, CVE-2018-5730, CVE-2020-28196