This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
An uninitialized pointer use flaw was found in the way the MIT
Kerberos KDC handled initial authentication requests (AS-REQ). A
remote, unauthenticated attacker could use this flaw to crash the KDC
via a specially crafted AS-REQ request. (CVE-2012-1015)
A NULL pointer dereference flaw was found in the MIT Kerberos
administration daemon, kadmind. A Kerberos administrator who has the
'create' privilege could use this flaw to crash kadmind.
See also :
Run 'yum update krb5' to update your system.
Risk factor :
High / CVSS Base Score : 9.3