Detections
Analytics

OracleVM 2.2 : krb5 (OVMSA-2011-0015)

low Nessus Plugin ID 79475

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Fix for (CVE-2011-4862)

 - incorporate a fix to teach the file labeling bits about when replay caches are expunged (#712453)

 - rebuild

 - ftp: handle larger command inputs (#665833)

 - don't bail halfway through an unlock operation when the result will be discarded and the end-result not cleaned up (Martin Osvald, #586032)

 - add a versioned dependency between krb5-server-ldap and krb5-libs (internal tooling)

 - don't discard the error code from an error message received in response to a change-password request (#658871, RT#6893)

 - ftpd: add patch from Jatin Nansi to correctly match restrict lines in /etc/ftpusers (#644215, RT#6889)

 - ftp: add modified patch from Rogan Kyuseok Lee to report the number of bytes transferred correctly when transferring large files on 32-bit systems (#648404)

 - backport fix for RT#6514: memory leak freeing rcache type none (#678205)

 - add upstream patch to fix hang or crash in the KDC when using the LDAP kdb backend (CVE-2011-0281, CVE-2011-0282, #671097)

 - incorporate upstream patch for checksum acceptance issues from MITKRB5-SA-2010-007 (CVE-2010-1323, #652308)

 - backport a fix to the previous change (#539423)

 - backport the k5login_directory and k5login_authoritative settings (#539423)

 - krshd: don't limit user names to 16 chars when utmp can handle names at least a bit longer than that (#611713)

 - fix a logic bug in computing key expiration times (RT#6762, #627038)

 - correct the post-rotate scriptlet in the kadmind logrotate config (more of #462658)

 - ftpd: backport changes to modify behavior to match telnetd,rshd,rlogind and accept GSSAPI auth to any service for which we have a matching key (#538075)

 - pull in fix for RT#5551 to treat the referral realm when seen in a ticket as though it were the local realm (#498554, also very likely #450122)

 - add aes256-cts:normal and aes128-cts:normal to the list of keysalts in the default kdc.conf (part of #565941)

 - add a note to kdc.conf(5) pointing to the admin guide for the list of recognized key and salt types (the rest of #565941)

 - add logrotate configuration files for krb5kdc and kadmind (#462658)

 - libgssapi: backport patch from svn to stop returning context-expired errors when the ticket which was used to set up the context expires (#605367, upstream #6739)

 - enable building the -server-ldap subpackage (#514362)

 - stop caring about the endianness of stash files (#514741), which will be replaced by proper keytab files in later releases

 - don't crash in krb5_get_init_creds_password if the passed-in options struct is NULL and the clients keys have expired (#555875)

 - ksu: perform PAM account and session management before dropping privileges to those of the target user (#540769 and #596887, respectively)

 - add candidate patch to correct libgssapi null pointer dereference which could be triggered by malformed client requests (CVE-2010-1321, #583704)

 - fix a null pointer dereference and crash introduced in our PAM patch that would happen if ftpd was given the name of a user who wasnt known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472)

 - add upstream patch to fix a few use-after-free bugs, including one in kadmind (CVE-2010-0629, #578186)

 - merge patch to correct KDC integer overflows which could be triggered by malformed RC4 and AES ciphertexts (CVE-2009-4212, #546348)

 - pull changes to libkrb5 to properly handle and chase off-path referrals back from 1.7 (#546538)

 - add an auth stack to ksus PAM configuration so that it can successfully pam_setcred

 - also set PAM_RUSER in ksu for completeness (#479071+#477033)

 - fix various typos, except for bits pertaining to licensing (#499190)

 - kdb5_util: when renaming a database, if the new names associated lock files don't exist, go ahead and create them (#442879)

 - ksu: perform PAM account and session management for the target user authentication is still performed as before (#477033)

 - fix typo in ksus reporting of errors getting credentials (#462890)

 - kadmind.init: stop setting up a keytab, as kadminds been able to use the database directly for a while now (#473151)

 - pull up patch to set PAM_RHOST (James Leddy, #479071)

Solution

Update the affected krb5-libs / krb5-workstation packages.

See Also

http://www.nessus.org/u?783bc3a1

Plugin Details

Severity: Low

ID: 79475

File Name: oraclevm_OVMSA-2011-0015.nasl

Version: 1.12

Type: local

Published: 11/26/2014

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:krb5-libs, p-cpe:/a:oracle:vm:krb5-workstation, cpe:/o:oracle:vm_server:2.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/4/2012

Vulnerability Publication Date: 1/13/2010

Exploitable With

Core Impact

Metasploit (Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow)

ExploitHub (EH-11-760)

Reference Information

CVE: CVE-2009-4212, CVE-2010-0629, CVE-2010-1321, CVE-2010-1323, CVE-2011-0281, CVE-2011-0282, CVE-2011-4862

BID: 37749, 39247, 40235, 45118, 46265, 46271, 51182

CWE: 189