Detections
Analytics

Kerberos klogind Remote Overflow

high Nessus Plugin ID 10411

Synopsis

The remote Kerberized service may be susceptible to a buffer overflow attack.

Description

The remote klogind seems to be affected by a buffer overflow vulnerability involving its 'krb_rd_req()' library function that may also affect other Kerberos-related programs.

An attacker may use this to gain a root shell on this host.

Solution

If using the Kerberos distribution from MIT, upgrade to Kerberos 5 version 1.2. Otherwise, contact the vendor for an update.

See Also

https://seclists.org/bugtraq/2000/May/189

Plugin Details

Severity: High

ID: 10411

File Name: kerberos_overflow.nasl

Version: 1.19

Type: remote

Published: 5/18/2000

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/16/2000

Vulnerability Publication Date: 5/16/2000

Reference Information

CVE: CVE-2000-0389

BID: 1220

CERT-CC: CA-2000-06