OracleVM 2.1 : krb5 (OVMSA-2009-0003)

Critical Nessus Plugin ID 79452


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

CVE-2009-0844: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.

CVE-2009-0845: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

CVE-2009-0846: The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

- update to revised patch for (CVE-2009-0844, CVE-2009-0845)

- add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism (#490635, CVE-2009-0844)

- add fix for NULL pointer dereference when handling certain error cases in the SPNEGO GSSAPI mechanism (#490635, CVE-2009-0845)

- add fix for attempt to free uninitialized pointer in the ASN.1 decoder (#490635, CVE-2009-0846)

- add fix for bug in length validation in the ASN.1 decoder (CVE-2009-0847)

- add backport of svn patch to fix a bug in how the gssapi library handles certain error cases in gss_accept_sec_context (CVE-2009-0845,

- add a backported patch which adds a check on credentials obtained from a foreign realm to make sure that they're of an acceptable type, and if not, retry the request to get one of the right type (Sadique Puthen,

- backport fix from 1.6.3 to register file-based ccaches created with the krb5_cc_new_unique function with the global list, so that we don't crash when we go to close the ccache (#468729)


Update the affected krb5-libs / krb5-server / krb5-workstation packages.


Plugin Details

Severity: Critical

ID: 79452

File Name: oraclevm_OVMSA-2009-0003.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2014/11/26

Modified: 2017/02/14

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:krb5-libs, p-cpe:/a:oracle:vm:krb5-server, p-cpe:/a:oracle:vm:krb5-workstation, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/04/16

Reference Information

CVE: CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847

BID: 34257, 34408, 34409

CWE: 20, 119, 189