FreeBSD : Incorrect cross-realm trust handling in Heimdal (bfb36941-84fa-11d8-a41f-0020ed76ef5a)
Medium Nessus Plugin ID 37254
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionHeimdal does not correctly validate the `transited' field of Kerberos tickets when computing the authentication path. This could allow a rogue KDC with which cross-realm relationships have been established to impersonate any KDC in the authentication path.
SolutionUpdate the affected package.