Mandriva Linux Security Advisory : krb5-appl (MDVSA-2011:195)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability has been discovered and corrected in krb5-appl,
heimdal and netkit-telnet :

An unauthenticated remote attacker can cause a buffer overflow and
probably execute arbitrary code with the privileges of the telnet
daemon (CVE-2011-4862).

In Mandriva, the telnetd daemon from the netkit-telnet-server package
does not have an initscript to start and stop the service. However, one
could rather easily craft an initscript or start the service by other
means, rendering the system vulnerable to this issue.

The updated packages have been patched to correct this issue.

See also :

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 57412

Bugtraq ID:

CVE ID: CVE-2011-4862
