author | Stanislav Sedov <stas@FreeBSD.org> | 2010-12-10 01:02:04 +0000 |
---|---|---|
committer | Stanislav Sedov <stas@FreeBSD.org> | 2010-12-10 01:02:04 +0000 |
commit | 3f94eeab0792c082103566b2eca9f13347731ea5 (patch) | |
tree | 5fb13c70a72df30abb2f6c6b363e83af53c49ae2 /security | |
parent | 76e9c0860c4df58fc2d126856741a4315a19ef8a (diff) |
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f54dcaa1f1c2..d9d418dcd930 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -34,6 +34,195 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4ccbd40d-03f7-11e0-bf50-001a926c7637"> + <topic>krb5 -- client impersonation vulnerability</topic> + <affects> + <package> + <name>krb5</name> + <range><ge>1.7.0</ge><lt>1.8.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MIT Kerberos team reports:</p> + <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"> + <p>MIT krb5 KDC may issue tickets not requested + by a client, based on an attacker-chosen KrbFastArmoredReq.</p> + <p>An authenticated remote attacker that controls a legitimate service + principal could obtain a valid service ticket to itself containing + valid KDC-generated authorization data for a client whose TGS-REQ it + has intercepted. The attacker could then use this ticket for + S4U2Proxy to impersonate the targeted client even if the client + never authenticated to the subverted service. 
The vulnerable + configuration is believed to be rare.</p> + </blockquote> + </body> + </description> + <references> + <bid>45122</bid> + <cvename>CVE-2010-4021</cvename> + <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt</url> + <url>http://osvdb.org/69607</url> + </references> + <dates> + <discovery>2010-11-30</discovery> + <entry>2010-12-09</entry> + </dates> + </vuln> + + <vuln vid="1d193bba-03f6-11e0-bf50-001a926c7637"> + <topic>krb5 -- RFC 3961 key-derivation checksum handling vulnerability</topic> + <affects> + <package> + <name>krb5</name> + <range><ge>1.8.0</ge><le>1.8.3</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MIT Kerberos team reports:</p> + <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"> + <p>MIT krb5 (releases incorrectly accepts RFC 3961 + key-derivation checksums using RC4 keys when verifying AD-SIGNEDPATH + and AD-KDC-ISSUED authorization data.</p> + <p>An authenticated remote attacker that controls a legitimate service + principal has a 1/256 chance of forging the AD-SIGNEDPATH signature + if the TGT key is RC4, allowing it to use self-generated "evidence" + tickets for S4U2Proxy, instead of tickets obtained from the user or + with S4U2Self. Configurations using RC4 for the TGT key are + believed to be rare.</p> + <p>An authenticated remote attacker has a 1/256 chance of forging + AD-KDC-ISSUED signatures on authdata elements in tickets having + an RC4 service key, resulting in privilege escalation against + a service that relies on these signatures. 
There are no known + uses of the KDC-ISSUED authdata container at this time.</p> + </blockquote> + </body> + </description> + <references> + <bid>45117</bid> + <cvename>CVE-2010-4020</cvename> + <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt</url> + <url>http://osvdb.org/69608</url> + </references> + <dates> + <discovery>2010-11-30</discovery> + <entry>2010-12-09</entry> + </dates> + </vuln> + + <vuln vid="9f971cea-03f5-11e0-bf50-001a926c7637"> + <topic>krb5 -- unkeyed PAC checksum handling vulnerability</topic> + <affects> + <package> + <name>krb5</name> + <range><ge>1.7.0</ge><lt>1.8.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MIT Kerberos team reports:</p> + <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"> + <p>MIT krb5 incorrectly accepts an unkeyed checksum for PAC + signatures.</p> + <p>An authenticated remote attacker can forge PACs if using a KDC that + does not filter client-provided PAC data. 
This can result in + privilege escalation against a service that relies on PAC contents + to make authorization decisions.</p> + </blockquote> + </body> + </description> + <references> + <bid>45116</bid> + <cvename>CVE-2010-1324</cvename> + <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt</url> + <url>http://osvdb.org/69609</url> + </references> + <dates> + <discovery>2010-11-30</discovery> + <entry>2010-12-09</entry> + </dates> + </vuln> + + <vuln vid="0d57c1d9-03f4-11e0-bf50-001a926c7637"> + <topic>krb5 -- multiple checksum handling vulnerabilities</topic> + <affects> + <package> + <name>krb5</name> + <range><ge>1.7.0</ge><le>1.8.3</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MIT Kerberos team reports:</p> + <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"> + <p>MIT krb incorrectly accepts an unkeyed + checksum with DES session keys for version 2 (RFC 4121) + of the GSS-API krb5 mechanism.</p> + <p>An unauthenticated remote attacker can forge GSS tokens that are + intended to be integrity-protected but unencrypted, if the targeted + pre-existing application session uses a DES session key.</p> + <p>MIT krb5 KDC incorrectly accepts RFC + 3961 key-derivation checksums using RC4 keys when verifying the + req-checksum in a KrbFastArmoredReq.</p> + <p>An unauthenticated remote attacker has a 1/256 chance of swapping a + client-issued KrbFastReq into a different KDC-REQ, if the armor + key is RC4. 
The consequences are believed to be minor.</p> + </blockquote> + </body> + </description> + <references> + <bid>45116</bid> + <cvename>CVE-2010-1324</cvename> + <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt</url> + <url>http://osvdb.org/69609</url> + </references> + <dates> + <discovery>2010-11-30</discovery> + <entry>2010-12-09</entry> + </dates> + </vuln> + + <vuln vid="11bbccbc-03ee-11e0-bcdb-001fc61c2a55"> + <topic>krb5 -- multiple checksum handling vulnerabilities</topic> + <affects> + <package> + <name>krb5</name> + <range><ge>1.3.0</ge><le>1.8.3</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MIT Kerberos team reports:</p> + <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"> + <p>MIT krb5 clients incorrectly accept an unkeyed checksums + in the SAM-2 preauthentication challenge.</p> + <p>An unauthenticated remote attacker could alter a SAM-2 challenge, + affecting the prompt text seen by the user or the kind of response + sent to the KDC. Under some circumstances, this can negate the + incremental security benefit of using a single-use authentication + mechanism token.</p> + <p>MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums + using RC4 keys when verifying KRB-SAFE messages.</p> + <p>An unauthenticated remote attacker has a 1/256 chance of forging + KRB-SAFE messages in an application protocol if the targeted + pre-existing session uses an RC4 session key. 
Few application + protocols use KRB-SAFE messages.</p> + </blockquote> + </body> + </description> + <references> + <bid>45118</bid> + <cvename>CVE-2010-1323</cvename> + <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt</url> + <url>http://osvdb.org/69610</url> + </references> + <dates> + <discovery>2010-11-30</discovery> + <entry>2010-12-09</entry> + </dates> + </vuln> + <vuln vid="6887828f-0229-11e0-b84d-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |
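Review bot: the references block of the entry with vid 0d57c1d9-03f4-11e0-bf50-001a926c7637 is identical to that of the preceding entry 9f971cea-03f5-11e0-bf50-001a926c7637 (bid 45116, cvename CVE-2010-1324, the osvdb.org/69609 URL). The two entries describe different problems, though: PAC signatures in one, GSS-API version 2 tokens and the KrbFastArmoredReq req-checksum in the other, with ranges ending at "lt 1.8.0" and "le 1.8.3" respectively. Please check the bid, CVE and OSVDB ids of the 0d57c1d9 entry against MITKRB5-SA-2010-007. If both entries really belong to the same CVE, a short comment saying so would stop the next reader from taking it for a copy-and-paste slip. The 0d57c1d9 and 11bbccbc entries also share the topic "krb5 -- multiple checksum handling vulnerabilities", which makes them indistinguishable in any listing that shows only topics; naming the affected mechanisms (GSS-API/FAST versus SAM-2/KRB-SAFE) in each topic would help. Separately, three of the quoted advisory paragraphs read as if text was cut out of them: "MIT krb5 (releases incorrectly accepts" in the 1d193bba entry has an unclosed parenthesis, "MIT krb incorrectly accepts" in 0d57c1d9 has lost the "5", and "accept an unkeyed checksums" in 11bbccbc mixes singular and plural. Since these sit inside a blockquote with a cite attribute, they should match the advisory wording or be trimmed cleanly.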