Fedora Core 2 : krb5-1.3.6-4 (2005-269)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Updated krb5 packages which fix two buffer overflow vulnerabilities in
the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted
third-party (a KDC) to authenticate clients and servers to each other.

The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CVE-2005-0468 and CVE-2005-0469 to these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?e8ee9d2e

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Fedora Local Security Checks

Nessus Plugin ID: 18327 (fedora_2005-269.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0468
CVE-2005-0469

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now