This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
CVE-2009-4212 krb: KDC integer overflows in AES and RC4 decryption
Multiple integer underflow flaws, leading to heap-based corruption,
were found in the way the MIT Kerberos Key Distribution Center (KDC)
decrypted ciphertexts encrypted with the Advanced Encryption Standard
(AES) and ARCFOUR (RC4) encryption algorithms. If a remote KDC client
were able to provide a specially crafted AES- or RC4-encrypted
ciphertext or texts, it could potentially lead to either a denial of
service of the central KDC (KDC crash or abort upon processing the
crafted ciphertext), or arbitrary code execution with the privileges
of the KDC (i.e., root privileges). (CVE-2009-4212)
All running services using the MIT Kerberos libraries must be
restarted for the update to take effect.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60721 ()
CVE ID: CVE-2009-4212
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.