Mandriva Linux Security Advisory : krb5 (MDVSA-2009:098-1)

Critical Nessus Plugin ID 38191

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been found and corrected in krb5 :

The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read (CVE-2009-0844).

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845).

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer (CVE-2009-0846).

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic (CVE-2009-0847).

The updated packages have been patched to correct these issues.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 38191

File Name: mandriva_MDVSA-2009-098.nasl

Version: 1.17

Type: local

Published: 2009/04/28

Updated: 2021/01/06

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ftp-client-krb5, p-cpe:/a:mandriva:linux:ftp-server-krb5, p-cpe:/a:mandriva:linux:krb5, p-cpe:/a:mandriva:linux:krb5-server, p-cpe:/a:mandriva:linux:krb5-workstation, p-cpe:/a:mandriva:linux:lib64krb53, p-cpe:/a:mandriva:linux:lib64krb53-devel, p-cpe:/a:mandriva:linux:libkrb53, p-cpe:/a:mandriva:linux:libkrb53-devel, p-cpe:/a:mandriva:linux:telnet-client-krb5, p-cpe:/a:mandriva:linux:telnet-server-krb5, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/12/08

Reference Information

CVE: CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847

BID: 34257, 34408, 34409

MDVSA: 2009:098-1

CWE: 20, 119, 189