New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.8
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
pam_krb5 address the following security issue :
A flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)
krb5 address the following bug :
- In cases where a server application began to sequentially iterate through the contents of a keytab file, if it paused to call certain functions such as krb5_rd_req() which encountered errors, a subsequent call to the krb5_kt_next_entry() function could cause the calling application to crash. The issue has been rectified and updated within these packages so that a call to the krb5_kt_next_entry() function will not crash the calling application.
Solution
Update the affected packages.