Detections
Analytics
Mandriva Linux Security Advisory : krb5 (MDVSA-2011:048)
high Nessus Plugin ID 52730
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A vulnerability was discovered and corrected in krb5 :The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication (PKINIT) capability is enabled, resulting in daemon crash or arbitrary code execution (which is believed to be difficult) (CVE-2011-0284).
The updated packages have been patched to correct this issue.
Solution
Update the affected packages.See Also
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-003.txt
Plugin Details
Severity: High
ID: 52730
File Name: mandriva_MDVSA-2011-048.nasl
Version: 1.17
Type: local
Family: Mandriva Local Security Checks
Published: 3/21/2011
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:krb5, p-cpe:/a:mandriva:linux:krb5-pkinit-openssl, p-cpe:/a:mandriva:linux:krb5-server, p-cpe:/a:mandriva:linux:krb5-server-ldap, p-cpe:/a:mandriva:linux:krb5-workstation, p-cpe:/a:mandriva:linux:lib64krb53, p-cpe:/a:mandriva:linux:lib64krb53-devel, p-cpe:/a:mandriva:linux:libkrb53, p-cpe:/a:mandriva:linux:libkrb53-devel, cpe:/o:mandriva:linux:2010.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 3/18/2011
Reference Information
CVE: CVE-2011-0284
MDVSA: 2011:048