This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote Fedora Core host is missing a security update.
A double-free flaw was found in the krb5_recvauth() routine which may
be triggered by a remote unauthenticated attacker. Fedora Core 4
contains checks within glibc that detect double-free flaws. Therefore,
on Fedora Core 4, successful exploitation of this issue can only lead
to a denial of service (KDC crash). The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-1689 to this issue.
Daniel Wachdorf discovered a single byte heap overflow in the
krb5_unparse_name() function, part of krb5-libs. Successful
exploitation of this flaw would lead to a denial of service (crash).
To trigger this flaw remotely, an attacker would need to have control
of a kerberos realm that shares a cross-realm key with the target,
making exploitation of this flaw unlikely. (CVE-2005-1175).
Daniel Wachdorf also discovered that in error conditions that may
occur in response to correctly-formatted client requests, the Kerberos
5 KDC may attempt to free uninitialized memory. This could allow a
remote attacker to cause a denial of service (KDC crash)
l Delalleau discovered an information disclosure
issue in the way some telnet clients handle messages from a server. An
attacker could construct a malicious telnet server that collects
information from the environment of any victim who connects to it
using the Kerberos-aware telnet client (CVE-2005-0488).
The rcp protocol allows a server to instruct a client to write to
arbitrary files outside of the current directory. This could
potentially cause a security issue if a user uses the Kerberos-aware
rcp to copy files from a malicious server (CVE-2004-0175).
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Fedora Local Security Checks
Nessus Plugin ID: 18685 (fedora_2005-553.nasl)
CVE ID: CVE-2005-1689