This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated Kerberos (krb5) packages that correct double-free and ASN.1
parsing bugs are now available for Red Hat Enterprise Linux.
Kerberos is a networked authentication system that uses a trusted
third party (a KDC) to authenticate clients and servers to each other.
Several double-free bugs were found in the Kerberos 5 KDC and
libraries. A remote attacker could potentially exploit these flaws to
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the names CVE-2004-0642 and
CVE-2004-0643 to these issues.
A double-free bug was also found in the krb524 server (CVE-2004-0772);
however, this issue was fixed for Red Hat Enterprise Linux 2.1 users by
a previous erratum, RHSA-2003:052.
An infinite loop bug was found in the Kerberos 5 ASN.1 decoder
library. A remote attacker may be able to trigger this flaw and cause
a denial of service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0644 to this issue.
All users of krb5 should upgrade to these updated packages, which
contain backported security patches to resolve these issues.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 14596
CVE ID: CVE-2004-0642, CVE-2004-0643, CVE-2004-0644