OracleVM 2.2 : krb5 (OVMSA-2011-0015)

Critical Nessus Plugin ID 79475


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

- Fix for CVE-2011-4862

- incorporate a fix to teach the file labeling bits about when replay caches are expunged (#712453)

- rebuild

- ftp: handle larger command inputs (#665833)

- don't bail halfway through an unlock operation when the result will be discarded and the end-result not cleaned up (Martin Osvald, #586032)

- add a versioned dependency between krb5-server-ldap and krb5-libs (internal tooling)

- don't discard the error code from an error message received in response to a change-password request (#658871, RT#6893)

- ftpd: add patch from Jatin Nansi to correctly match restrict lines in /etc/ftpusers (#644215, RT#6889)

- ftp: add modified patch from Rogan Kyuseok Lee to report the number of bytes transferred correctly when transferring large files on 32-bit systems (#648404)

- backport fix for RT#6514: memory leak freeing rcache type none (#678205)

- add upstream patch to fix hang or crash in the KDC when using the LDAP kdb backend (CVE-2011-0281, CVE-2011-0282, #671097)

- incorporate upstream patch for checksum acceptance issues from MITKRB5-SA-2010-007 (CVE-2010-1323, #652308)

- backport a fix to the previous change (#539423)

- backport the k5login_directory and k5login_authoritative settings (#539423)

- krshd: don't limit user names to 16 chars when utmp can handle names at least a bit longer than that (#611713)

- fix a logic bug in computing key expiration times (RT#6762, #627038)

- correct the post-rotate scriptlet in the kadmind logrotate config (more of #462658)

- ftpd: backport changes to modify behavior to match telnetd, rshd and rlogind and accept GSSAPI auth to any service for which we have a matching key (#538075)

- pull in fix for RT#5551 to treat the referral realm when seen in a ticket as though it were the local realm (#498554, also very likely #450122)

- add aes256-cts:normal and aes128-cts:normal to the list of keysalts in the default kdc.conf (part of #565941)

- add a note to kdc.conf(5) pointing to the admin guide for the list of recognized key and salt types (the rest of #565941)

- add logrotate configuration files for krb5kdc and kadmind (#462658)

- libgssapi: backport patch from svn to stop returning context-expired errors when the ticket which was used to set up the context expires (#605367, upstream #6739)

- enable building the -server-ldap subpackage (#514362)

- stop caring about the endianness of stash files (#514741), which will be replaced by proper keytab files in later releases

- don't crash in krb5_get_init_creds_password if the passed-in options struct is NULL and the client's keys have expired (#555875)

- ksu: perform PAM account and session management before dropping privileges to those of the target user (#540769 and #596887, respectively)

- add candidate patch to correct libgssapi null pointer dereference which could be triggered by malformed client requests (CVE-2010-1321, #583704)

- fix a null pointer dereference and crash introduced in our PAM patch that would happen if ftpd was given the name of a user who wasn't known to the local system; with the default xinetd config this was only triggerable by gssapi-authenticated clients (Olivier Fourdan, #569472)

- add upstream patch to fix a few use-after-free bugs, including one in kadmind (CVE-2010-0629, #578186)

- merge patch to correct KDC integer overflows which could be triggered by malformed RC4 and AES ciphertexts (CVE-2009-4212, #546348)

- pull changes to libkrb5 to properly handle and chase off-path referrals back from 1.7 (#546538)

- add an auth stack to ksu's PAM configuration so that it can successfully pam_setcred

- also set PAM_RUSER in ksu for completeness (#479071+#477033)

- fix various typos, except for bits pertaining to licensing (#499190)

- kdb5_util: when renaming a database, if the new name's associated lock files don't exist, go ahead and create them (#442879)

- ksu: perform PAM account and session management for the target user; authentication is still performed as before (#477033)

- fix typo in ksu's reporting of errors getting credentials (#462890)

- kadmind.init: stop setting up a keytab, as kadmind's been able to use the database directly for a while now (#473151)

- pull up patch to set PAM_RHOST (James Leddy, #479071)


Update the affected krb5-libs / krb5-workstation packages.
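The plugin decides whether a host is affected by comparing the version-release of the installed krb5 RPMs against the fixed ones, using rpm's own segment-wise version ordering. The following is an added example, not code from the Nessus plugin or from Oracle's advisory, that reimplements that local check over a constructed package list. The values in FIXED are placeholders and are not taken from the advisory; the package list in SAMPLE_RPM_LIST is constructed for the example.

```python
import re

# Placeholder fixed version-release strings for the two affected packages.
# These are NOT taken from the advisory; replace them with the NVRs that
# OVMSA-2011-0015 actually ships before using this check for real.
FIXED = {
    "krb5-libs": "1.6.1-63.el5_7",
    "krb5-workstation": "1.6.1-63.el5_7",
}

# Constructed sample, in the shape produced by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_RPM_LIST = """\
bash 3.2-32.el5
krb5-libs 1.6.1-55.el5
krb5-workstation 1.6.1-55.el5
krb5-server 1.6.1-55.el5
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does.

    Returns -1 if a < b, 0 if equal, 1 if a > b. Strings are split into
    numeric and alphabetic segments; separators such as '.' and '_' are
    ignored. Numeric segments compare as integers and beat alphabetic
    ones; when all shared segments match, the string with segments left
    over wins. (Simplified: the tilde/caret rules of newer rpm are not
    implemented, which does not matter for EL5-style NVRs.)
    """
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def vercmp_vr(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    av, ar = a.split("-", 1)
    bv, br = b.split("-", 1)
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def parse_rpm_list(text: str) -> dict:
    """Turn 'name version-release' lines into {name: version-release}."""
    installed = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, vr = line.split()
        installed[name] = vr
    return installed


def affected_packages(installed: dict, fixed: dict = FIXED) -> list:
    """Return (name, installed_vr, fixed_vr) for every package in `fixed`
    that is installed at a version-release older than the fixed one."""
    hits = []
    for name, fixed_vr in fixed.items():
        if name in installed and vercmp_vr(installed[name], fixed_vr) < 0:
            hits.append((name, installed[name], fixed_vr))
    return hits


if __name__ == "__main__":
    for name, have, want in affected_packages(parse_rpm_list(SAMPLE_RPM_LIST)):
        print(f"{name}: installed {have} is older than fixed {want}")
```

Feed it real output of the rpm query above and the advisory's fixed NVRs and it reproduces the decision the plugin makes from Host/OracleVM/rpm-list; a package missing from the list is simply not reported, which is also what the plugin does.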

Plugin Details

Severity: Critical

ID: 79475

File Name: oraclevm_OVMSA-2011-0015.nasl

Version: 1.7

Type: local

Published: 2014/11/26

Modified: 2017/02/14

Dependencies: 12634

Risk Information

Risk Factor: Critical


CVSS v2.0

Base Score: 10.0

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 3.7

Temporal Score: 3.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:krb5-libs, p-cpe:/a:oracle:vm:krb5-workstation, cpe:/o:oracle:vm_server:2.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/01/04

Exploitable With

Core Impact

Metasploit (Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow)

ExploitHub (EH-11-760)

Reference Information

CVE: CVE-2009-4212, CVE-2010-0629, CVE-2010-1321, CVE-2010-1323, CVE-2011-0281, CVE-2011-0282, CVE-2011-4862

BID: 37749, 39247, 40235, 45118, 46265, 46271, 51182

CWE: 189