Mandriva Linux Security Advisory : krb5 (MDVSA-2015:009)
Low Nessus Plugin ID 80428
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated krb5 packages fix security vulnerability :
In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to be authenticated as a user who has the elevated privilege for setting password policy by adding or modifying principals (CVE-2014-5353).
SolutionUpdate the affected packages.