Mandrake Linux Security Advisory : krb5 (MDKSA-2002:057)

Critical Nessus Plugin ID 13958


The remote Mandrake Linux host is missing one or more security updates.


The network authentication system in Kerberos 5 contains an RPC library that includes an XDR decoder derived from Sun's RPC implementation. This implementation is vulnerable to a heap overflow.
With Kerberos, it is believed that an attacker would need to authenticate successfully to kadmin in order to exploit this vulnerability.


Update the affected packages.

Plugin Details

Severity: Critical

ID: 13958

File Name: mandrake_MDKSA-2002-057.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ftp-client-krb5, p-cpe:/a:mandriva:linux:ftp-server-krb5, p-cpe:/a:mandriva:linux:krb5-devel, p-cpe:/a:mandriva:linux:krb5-libs, p-cpe:/a:mandriva:linux:krb5-server, p-cpe:/a:mandriva:linux:krb5-workstation, p-cpe:/a:mandriva:linux:telnet-client-krb5, p-cpe:/a:mandriva:linux:telnet-server-krb5, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2002/09/09

Reference Information

CVE: CVE-2002-0391

MDKSA: 2002:057