Apache mod_auth_kerb <= 5.20 Buffer Overflow

Low Nessus Network Monitor Plugin ID 3816

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running the Apache mod_auth_kerb Kerberos authentication module. This version of mod_auth_kerb is reported to be vulnerable to a remote buffer overflow. The details of the attack are not yet known, however, it is alleged that an attacker would be able to crash the system or execute arbitrary code. In order to exploit this flaw, an attacker would only need to send a malformed Kerberos authentication request.

Solution

Upgrade to a version higher than 5.20.

See Also

http://modauthkerb.sourceforge.net

Plugin Details

Severity: Low

ID: 3816

Family: Web Servers

Published: 2006/11/22

Modified: 2016/02/05

Dependencies: 3057

Nessus ID: 25225, 23788, 23797, 24063

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

CVSSv3

Base Score: 4.2

Temporal Score: 3.6

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:apache:http_server

Reference Information

CVE: CVE-2006-5989

BID: 21214