Scientific Linux Security Update : pam_krb5/krb5 on SL5.x i386/x86_64
Medium Nessus Plugin ID 60481
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
pam_krb5 addresses the following security issue:
A flaw was found in the pam_krb5 'existing_ticket' configuration option. If a system is configured to use an existing credential cache via the 'existing_ticket' option, it may be possible for a local user to gain elevated privileges by using a different, local user's credential cache. (CVE-2008-3825)
krb5 addresses the following bug:
- In cases where a server application began to sequentially iterate through the contents of a keytab file, if it paused to call certain functions such as krb5_rd_req() which encountered errors, a subsequent call to the krb5_kt_next_entry() function could cause the calling application to crash. The issue has been rectified and updated within these packages so that a call to the krb5_kt_next_entry() function will not crash the calling application.
Solution
Update the affected packages.