Debian DSA-2052-1 : krb5 - NULL pointer dereference
Medium Nessus Plugin ID 46724
Synopsis
The remote Debian host is missing a security-related update.
Description
Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a NULL pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially crafted GSS-API token with a missing checksum field.
Solution
Upgrade the krb5 packages.
For the stable distribution (lenny), this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny4.