Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2007-0095)

high Nessus Plugin ID 67458
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 7.4

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

From Red Hat Security Advisory 2007:0095 :

Updated krb5 packages that fix a number of issues are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.

A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password.
(CVE-2007-0956)

Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.

For users who have enabled the krb5 telnet daemon and have it accessible remotely, this update should be applied immediately.

Whilst we are not aware at this time that the flaw is being actively exploited, we have confirmed that the flaw is very easily exploitable.

This update also fixes two additional security issues :

Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (CVE-2007-0957)

A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 4 and 5 successful exploitation of this issue can only lead to a denial of service. Applications which use this library in earlier releases of Red Hat Enterprise Linux may also be affected.
(CVE-2007-1216)

All users are advised to update to these erratum packages which contain a backported fix to correct these issues.

Red Hat would like to thank MIT and iDefense for reporting these vulnerabilities.

Solution

Update the affected krb5 packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2007-April/000111.html

https://oss.oracle.com/pipermail/el-errata/2007-April/000113.html

https://oss.oracle.com/pipermail/el-errata/2007-June/000237.html

Plugin Details

Severity: High

ID: 67458

File Name: oraclelinux_ELSA-2007-0095.nasl

Version: 1.10

Type: local

Agent: unix

Published: 7/12/2013

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS v2.0

Base Score: 9

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:krb5-devel, p-cpe:/a:oracle:linux:krb5-libs, p-cpe:/a:oracle:linux:krb5-server, p-cpe:/a:oracle:linux:krb5-workstation, cpe:/o:oracle:linux:3, cpe:/o:oracle:linux:4, cpe:/o:oracle:linux:5

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/4/2007

Vulnerability Publication Date: 4/5/2007

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2007-0956, CVE-2007-0957, CVE-2007-1216

BID: 23281, 23282, 23285

RHSA: 2007:0095

CWE: 119