Oval Definition:oval:org.mitre.oval:def:28128
Revision Date:2015-03-16
Version:15
Title:Return only new keys in randkey
Description:The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2014-5351
Platform(s):IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis
  • platforms
    • IBM AIX 6.1 is installed
    • OR IBM AIX 7.1 is installed
  • AND filesets
    • File Version Exists
      • NAS installed version greater than 1.5
      • AND krb5.client.rte less than 1.5.0.7
    • OR File Version Exists
      • NAS installed version greater than 1.6
      • AND krb5.client.rte less than 1.6.0.2
    • OR File Version Exists
      • NAS installed version greater than 1.5
      • AND krb5.server.rte less than 1.5.0.7
    • OR File Version Exists
      • NAS installed version greater than 1.6
      • AND krb5.server.rte less than 1.6.0.2