This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote Fedora Core host is missing a security update.
Updated krb5 packages which fix two buffer overflow vulnerabilities in
the included Kerberos-aware telnet client are now available.
Kerberos is a networked authentication system which uses a trusted
third-party (a KDC) to authenticate clients and servers to each other.
The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CVE-2005-0468 and CVE-2005-0469 to these issues.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5