Debian DSA-2031-1 : krb5 - use-after-free
Medium Nessus Plugin ID 45479
SynopsisThe remote Debian host is missing a security-related update.
DescriptionSol Jerome discovered that kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
SolutionUpgrade the krb5 package.
For the stable distribution (lenny), this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny3.