Amazon Linux AMI : krb5 (ALAS-2011-15)

2013-09-0400:00:00

www.tenable.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.738 High

EPSS

Percentile

98.1%

JSON

Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC. (CVE-2011-1527 , CVE-2011-1528 , CVE-2011-1529)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2011-15.
#

include("compat.inc");

if (description)
{
  script_id(69574);
  script_version("1.5");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2011-1527");
  script_xref(name:"ALAS", value:"2011-15");
  script_xref(name:"RHSA", value:"2011:1379");

  script_name(english:"Amazon Linux AMI : krb5 (ALAS-2011-15)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple NULL pointer dereference and assertion failure flaws were
found in the MIT Kerberos KDC when it was configured to use an LDAP
(Lightweight Directory Access Protocol) or Berkeley Database (Berkeley
DB) back end. A remote attacker could use these flaws to crash the
KDC. (CVE-2011-1527 , CVE-2011-1528 , CVE-2011-1529)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2011-15.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update krb5' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-pkinit-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-server-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:krb5-workstation");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"krb5-debuginfo-1.9-9.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"krb5-devel-1.9-9.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"krb5-libs-1.9-9.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"krb5-pkinit-openssl-1.9-9.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"krb5-server-1.9-9.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"krb5-server-ldap-1.9-9.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"krb5-workstation-1.9-9.19.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit-openssl / etc");
}

VendorProductVersionCPE
amazonlinuxkrb5-debuginfop-cpe:/a:amazon:linux:krb5-debuginfo
amazonlinuxkrb5-develp-cpe:/a:amazon:linux:krb5-devel
amazonlinuxkrb5-libsp-cpe:/a:amazon:linux:krb5-libs
amazonlinuxkrb5-pkinit-opensslp-cpe:/a:amazon:linux:krb5-pkinit-openssl
amazonlinuxkrb5-serverp-cpe:/a:amazon:linux:krb5-server
amazonlinuxkrb5-server-ldapp-cpe:/a:amazon:linux:krb5-server-ldap
amazonlinuxkrb5-workstationp-cpe:/a:amazon:linux:krb5-workstation
amazonlinuxcpe:/o:amazon:linux

Vendor	Product	Version	CPE
amazon	linux	krb5-debuginfo	p-cpe:/a:amazon:linux:krb5-debuginfo
amazon	linux	krb5-devel	p-cpe:/a:amazon:linux:krb5-devel
amazon	linux	krb5-libs	p-cpe:/a:amazon:linux:krb5-libs
amazon	linux	krb5-pkinit-openssl	p-cpe:/a:amazon:linux:krb5-pkinit-openssl
amazon	linux	krb5-server	p-cpe:/a:amazon:linux:krb5-server
amazon	linux	krb5-server-ldap	p-cpe:/a:amazon:linux:krb5-server-ldap
amazon	linux	krb5-workstation	p-cpe:/a:amazon:linux:krb5-workstation
amazon	linux		cpe:/o:amazon:linux