RHEL 2.1 : krb5 (RHSA-2002:173)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Kerberos 5 packages are now available for Red Hat Linux
Advanced Server. These updates fix a buffer overflow in the XDR
decoder.

Sun RPC is a remote procedure call framework which allows clients to
invoke procedures in a server process over a network. XDR is a
mechanism for encoding data structures for use with RPC.

The Kerberos 5 network authentication system contains an RPC library
which includes an XDR decoder derived from Sun's RPC implementation.
The Sun implementation was recently demonstrated to be vulnerable to a
heap overflow. It is believed that the attacker needs to be able to
authenticate to the kadmin daemon for this attack to be successful. No
exploits are known to currently exist.

All users should upgrade to these errata packages which contain an
updated version of Kerberos 5 which is not vulnerable to this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-0391.html
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt
http://rhn.redhat.com/errata/RHSA-2002-173.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12320

CVE ID: CVE-2002-0391