This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
pam_krb5 addresses the following security issue :
A flaw was found in the pam_krb5 'existing_ticket' configuration
option. If a system is configured to use an existing credential cache
via the 'existing_ticket' option, it may be possible for a local user
to gain elevated privileges by using a different, local user's
credential cache. (CVE-2008-3825)
krb5 addresses the following bug :
- In cases where a server application began to
sequentially iterate through the contents of a keytab
file, if it paused to call certain functions such as
krb5_rd_req() which encountered errors, a subsequent
call to the krb5_kt_next_entry() function could cause
the calling application to crash. The issue has been
rectified and updated within these packages so that a
call to the krb5_kt_next_entry() function will not crash
the calling application.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.4
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60481
CVE ID: CVE-2008-3825