Detections
Analytics

MiracleLinux 4 : krb5-1.10.3-10.AXS4.1 (AXSA:2013-280:01)

high Nessus Plugin ID 289432

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-280:01 advisory.

 Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.
 Security issues fixed with this release:
 CVE-2012-1016 The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
 CVE-2013-1415 The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
 Fixed bugs:
 Upgraded to upstream version 1.10.3; in particular, better support of cross-domain trust functionality in other packages.
 Previous versions of libsmbclient depended on the krb5_locate_kdc() function. As it is no longer supported, older version of libsmbclient did not function after updating Kerberos. To fix this, an explicit conflict with older versions of libsmbclient has been added, which prevents incompatible combinations.
 Leaving the krb5-auth-dialog application prompter hanging for a long period of time triggered a large clock drift that was applied at the next kinit session. This has been fixed.
 Previously, certain KDC implementations omitted some KDC's certificates contained in a PKINIT list of trusted roots and the client failed to verify the signature on the data. This has been fixed, the client can now use its own copies for the relevant certificates and verification works as expected.
 Previously, when a client's libraries and the KDC supported AES and if a keytab file did not contain the AES keys, using the kinit command with this file failed because the strongest encryption (AES) was used.
 This has been fixed: the encryption in the keytab file is now used, if supported.
 Fixed krb5 entering a loop because of timeout variable mishandling.
 Previously, passwd failed with the token manipulation error error message if used by an Identity Management client. This has been fixed.
 Fixed some performance issue related to repeated SELinux file context configuration being reloaded every time the replay cached was flushed.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3913

Plugin Details

Severity: High

ID: 289432

File Name: miracle_linux_AXSA-2013-280.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2013-1415

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:krb5-devel, p-cpe:/a:miracle:linux:krb5-server, p-cpe:/a:miracle:linux:krb5-workstation, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:krb5-libs, p-cpe:/a:miracle:linux:krb5-pkinit-openssl, p-cpe:/a:miracle:linux:krb5-server-ldap

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/29/2013

Vulnerability Publication Date: 1/2/2013

Reference Information

CVE: CVE-2012-1016, CVE-2013-1415