RHEL 2.1 : krb5 (RHSA-2002:173)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Kerberos 5 packages are now available for Red Hat Linux
Advanced Server. These updates fix a buffer overflow in the XDR

Sun RPC is a remote procedure call framework which allows clients to
invoke procedures in a server process over a network. XDR is a
mechanism for encoding data structures for use with RPC.

The Kerberos 5 network authentication system contains an RPC library
which includes an XDR decoder derived from Sun's RPC implementation.
The Sun implementation was recently demonstrated to be vulnerable to a
heap overflow. It is believed that the attacker needs to be able to
authenticate to the kadmin daemon for this attack to be successful. No
exploits are known to currently exist.

All users should upgrade to these errata packages which contain an
updated version of Kerberos 5 which is not vulnerable to this issue.

See also :


Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12320

Bugtraq ID:

CVE ID: CVE-2002-0391
