Scientific Linux Security Update : krb5 on SL4.x, SL5.x i386/x86_64
Critical Nessus Plugin ID 60564
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionAn input validation flaw was found in the ASN.1 (Abstract Syntax Notation One) decoder used by MIT Kerberos. A remote attacker could use this flaw to crash a network service using the MIT Kerberos library, such as kadmind or krb5kdc, by causing it to dereference or free an uninitialized pointer. (CVE-2009-0846)
Multiple input validation flaws were found in the MIT Kerberos GSS-API library's implementation of the SPNEGO mechanism. A remote attacker could use these flaws to crash any network service utilizing the MIT Kerberos GSS-API library to authenticate users or, possibly, leak portions of the service's memory. (CVE-2009-0844, CVE-2009-0845)
SolutionUpdate the affected packages.