Scientific Linux Security Update : krb5 on SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

An input validation flaw was found in the ASN.1 (Abstract Syntax
Notation One) decoder used by MIT Kerberos. A remote attacker could
use this flaw to crash a network service using the MIT Kerberos
library, such as kadmind or krb5kdc, by causing it to dereference or
free an uninitialized pointer. (CVE-2009-0846)

Multiple input validation flaws were found in the MIT Kerberos GSS-API
library's implementation of the SPNEGO mechanism. A remote attacker
could use these flaws to crash any network service utilizing the MIT
Kerberos GSS-API library to authenticate users or, possibly, leak
portions of the service's memory. (CVE-2009-0844, CVE-2009-0845)

See also :

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60564 ()

Bugtraq ID:

CVE ID: CVE-2009-0844