Fedora Core 4 : krb5-1.4.1-5 (2005-553)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

A double-free flaw was found in the krb5_recvauth() routine which may
be triggered by a remote unauthenticated attacker. Fedora Core 4
contains checks within glibc that detect double-free flaws. Therefore,
on Fedora Core 4, successful exploitation of this issue can only lead
to a denial of service (KDC crash). The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-1689 to this issue.

Daniel Wachdorf discovered a single byte heap overflow in the
krb5_unparse_name() function, part of krb5-libs. Successful
exploitation of this flaw would lead to a denial of service (crash).
To trigger this flaw remotely, an attacker would need to have control
of a Kerberos realm that shares a cross-realm key with the target,
making exploitation of this flaw unlikely (CVE-2005-1175).

Daniel Wachdorf also discovered that in error conditions that may
occur in response to correctly-formatted client requests, the Kerberos
5 KDC may attempt to free uninitialized memory. This could allow a
remote attacker to cause a denial of service (KDC crash)
(CVE-2005-1174).

Gaël Delalleau discovered an information disclosure
issue in the way some telnet clients handle messages from a server. An
attacker could construct a malicious telnet server that collects
information from the environment of any victim who connects to it
using the Kerberos-aware telnet client (CVE-2005-0488).

The rcp protocol allows a server to instruct a client to write to
arbitrary files outside of the current directory. This could
potentially cause a security issue if a user uses the Kerberos-aware
rcp to copy files from a malicious server (CVE-2004-0175).

See also :

http://www.nessus.org/u?7e0d4cf1

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Fedora Local Security Checks

Nessus Plugin ID: 18685 (fedora_2005-553.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1689