Oval Definition:oval:org.mitre.oval:def:724
Revision Date:2011-05-09Version:19
Title:MIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Name Buffer Overrun Vulnerabilities
Description:Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0523
Platform(s):Sun Solaris 7
Sun Solaris 8
Sun Solaris 9
Product(s):
Definition Synopsis
  • Software section
  • Solaris 7 (SPARC) meets Sun Alert ID 101512 criteria.
  • Solaris 7 Installed
  • AND sparc architecture
  • AND NOT Patch 112536-05 or later installed
  • OR Solaris 7 (x86) meets Sun Alert ID 101512 criteria.
  • Solaris 7 Installed
  • AND ix86 architecture
  • AND NOT Patch 112537-05 or later installed
  • OR Solaris 8 (SPARC) meets Sun Alert ID 101512 criteria.
  • Solaris 8 Installed
  • AND sparc architecture
  • AND NOT Patch 112237-11 or later installed
  • AND NOT Patch 112390-09 or later installed
  • OR Solaris 8 (x86) meets Sun Alert ID 101512 criteria.
  • Solaris 8 Installed
  • AND ix86 architecture
  • AND NOT Patch 112240-08 or later installed
  • AND NOT Patch 112238-10 or later installed
  • OR Solaris 9 (SPARC) meets Sun Alert ID 101512 criteria.
  • Solaris 9 Installed
  • AND sparc architecture
  • AND NOT Patch 112908-15 or later installed
  • OR Solaris 9 (x86) meets Sun Alert ID 101512 criteria.
  • Solaris 9 Installed
  • AND ix86 architecture
  • AND NOT Patch 115168-05 or later installed
  • AND Configuration section
  • Target's configuration meets 101512 configuration criteria.
  • Solaris Enterprise Authentication Mechanism (ANY SUNWkr5sl/SUNWkr5sv/SUNWkrgdo/SUNWkrggl)
  • Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sv) installed
  • OR Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sl) installed
  • OR Sun Enterprise Authentication Mechanism (SEAM, SUNWkrgdo) installed
  • OR Sun Enterprise Authentication Mechanism (SEAM, SUNWkrggl) installed
  • OR SEAM is not installed, but target is a kerberos client.
  • Solaris Enterprise Authentication Mechanism (ANY SUNWkr5sl/SUNWkr5sv/SUNWkrgdo/SUNWkrggl)
  • Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sv) installed
  • OR Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sl) installed
  • OR Sun Enterprise Authentication Mechanism (SEAM, SUNWkrgdo) installed
  • OR Sun Enterprise Authentication Mechanism (SEAM, SUNWkrggl) installed
  • AND /etc/krb5/krb5.conf is configured as a kerberos client
    • BACK