Medium Nessus Plugin ID 21013
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:011 (heimdal).
Heimdal is a Kerberos 5 implementation from the Royal Institut of Techno- logy in Stockholm.
This update fixes two bugs in heimdal. The first one occurs in the rsh daemon and allows an authenticated malicious user to gain ownership of files that belong to other users (CVE-2006-0582).
The second bug affects the telnet server and can be used to crash the server before authentication happens. It is even a denial-of-service attack when the telnetd is started via inetd because inetd stops forking the daemon when it forks too fast (CVE-2006-0677).