Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:073-1: krb5 Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the krb5 package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:073-1 (krb5).
A stack buffer overflow in the implementation of the Kerberos v4 compatibility
administration daemon (kadmind4) in the krb5 package can be exploited to gain
unauthorized root access to a KDC host. Authentication to the daemon is not
required to successfully perform the attack, and according to MIT at least one
exploit is known to exist. kadmind4 is used only by sites that require
compatibility with legacy administrative clients; sites that do not have
these needs are likely not using kadmind4 and are not affected.
MandrakeSoft encourages all users who use Kerberos to upgrade to these packages.
The /etc/rc.d/init.d/kadmin initscript improperly pointed to a non-existent
location for the kadmind binary. This update corrects the problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:073-1
Threat Level: High