Synopsis :

The remote Debian host is missing a security-related update.

Description :

Two vulnerabilities have been discovered in heimdal, a free
implementation of Kerberos 5. The Common Vulnerabilities and Exposures
project identifies the following vulnerabilities :

- CVE-2006-0582
Privilege escalation in the rsh server allows an
authenticated attacker to overwrite arbitrary files and
gain ownership of them.

- CVE-2006-0677
A remote attacker could force the telnet server to crash
before the user logged in, resulting in inetd turning
telnetd off because it forked too fast.

The old stable distribution (woody) does not expose rsh and telnet
servers.

See also :

http://security-tracker.debian.org/tracker/CVE-2006-0582
http://security-tracker.debian.org/tracker/CVE-2006-0677
http://www.debian.org/security/2006/dsa-977

Solution :

Upgrade the heimdal packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.6.3-10sarge2.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)