CVE-2013-4134

Опубликовано: 05 нояб. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

Ссылки

http://www.debian.org/security/2013/dsa-2729
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
Broken Link
http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt
Vendor Advisory
http://www.debian.org/security/2013/dsa-2729
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
Broken Link
http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*

Версия до 1.4.14 (включая)

cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.2.13:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.3.70:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.3.74:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.3.77:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.3.81:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.7:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.7_pre1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.7_pre2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.7_pre3:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.7_pre4:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.7_pre5:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.8:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.8_pre1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.8_pre2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.8_pre3:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.4.12:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.8:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.10:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.11:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.12:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.13:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.14:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.15:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.16:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.17:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.18:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.19:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.20:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.21:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.22:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.23:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.24:*:*:*:*:*:*:*

cpe:2.3:a:openafs:openafs:1.7.25:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00152

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

CVE-2013-4134

ubuntu

больше 12 лет назад

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

CVE-2013-4134

debian

больше 12 лет назад

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 use ...

GHSA-rj2q-26jf-jvvq

github

больше 3 лет назад

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

BDU:2015-09679

fstec

почти 12 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 36%

0.00152

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-310