This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
pam_krb5 address the following security issue :
A flaw was found in the pam_krb5 'existing_ticket' configuration
option. If a system is configured to use an existing credential cache
via the 'existing_ticket' option, it may be possible for a local user
to gain elevated privileges by using a different, local user's
credential cache. (CVE-2008-3825)
krb5 address the following bug :
- In cases where a server application began to
sequentially iterate through the contents of a keytab
file, if it paused to call certain functions such as
krb5_rd_req() which encountered errors, a subsequent
call to the krb5_kt_next_entry() function could cause
the calling application to crash. The issue has been
rectified and updated within these packages so that a
call to the krb5_kt_next_entry() function will not crash
the calling application.
Update the affected packages.
Risk factor : Medium / CVSS Base Score : 4.4