Mandrake Linux Security Advisory : krb5 (MDKSA-2002:057)

critical Nessus Plugin ID 13958

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implemenation is vulnerable to a heap overflow.
With Kerberos, it is believed that an attacker would need to be able to successfully authenticate to kadmin to be able to exploit this vulnerability.

Solution

Update the affected packages.

See Also

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt

Plugin Details

Severity: Critical

ID: 13958

File Name: mandrake_MDKSA-2002-057.nasl

Version: 1.20

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ftp-client-krb5, p-cpe:/a:mandriva:linux:ftp-server-krb5, p-cpe:/a:mandriva:linux:krb5-devel, p-cpe:/a:mandriva:linux:krb5-libs, p-cpe:/a:mandriva:linux:krb5-server, p-cpe:/a:mandriva:linux:krb5-workstation, p-cpe:/a:mandriva:linux:telnet-client-krb5, p-cpe:/a:mandriva:linux:telnet-server-krb5, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2002

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2002-0391

MDKSA: 2002:057