SuSE 10 Security Update : krb5-apps-servers and krb5-apps-clients (ZYPP Patch Number 1938)

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

Missing checks of the return values of setuid() and seteuid() calls
have been fixed in the Kerberos client and server applications.

If these applications are setuid, it might have been possible for
local attackers to gain root access. (CVE-2006-3083)

We are not affected by the seteuid() problems, tracked by
CVE-2006-3084.

See also :

http://support.novell.com/security/cve/CVE-2006-3083.html
http://support.novell.com/security/cve/CVE-2006-3084.html

Solution :

Apply ZYPP patch number 1938.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 29496

CVE ID: CVE-2006-3083
CVE-2006-3084
