FreeBSD : krb5 -- ASN.1 decoder denial-of-service vulnerability (bd60922b-fb8d-11d8-a13e-000a95bc6fae)
Medium Nessus Plugin ID 36731
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
An advisory published by the MIT Kerberos team says:
The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.
An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop.
An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop.
Solution
Update the affected package.