SUSE-SA:2007:004: krb5

High Nessus Plugin ID 24458

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2007:004 (krb5).


Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind.

- CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind.

- CVE-2006-6143 / MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused a security vulnerability in kadmind.

Solution

http://www.novell.com/linux/security/advisories/2007_04_krb5.html

Plugin Details

Severity: High

ID: 24458

File Name: suse_SA_2007_004.nasl

Version: 1.9

Agent: unix

Published: 2007/02/18

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list