RHEL 2.1 : krb5 (RHSA-2002:173)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Kerberos 5 packages are now available for Red Hat Linux
Advanced Server. These updates fix a buffer overflow in the XDR

Sun RPC is a remote procedure call framework which allows clients to
invoke procedures in a server process over a network. XDR is a
mechanism for encoding data structures for use with RPC.

The Kerberos 5 network authentication system contains an RPC library
which includes an XDR decoder derived from Sun's RPC implementation.
The Sun implementation was recently demonstrated to be vulnerable to a
heap overflow. It is believed that the attacker needs to be able to
authenticate to the kadmin daemon for this attack to be successful. No
exploits are known to currently exist.

All users should upgrade to these errata packages which contain an
updated version of Kerberos 5 which is not vulnerable to this issue.

See also :


Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12320

Bugtraq ID:

CVE ID: CVE-2002-0391
