Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2007:004: krb5 Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the krb5 package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2007:004 (krb5).
This update fixes various bugs in the Kerberos5 libraries and tools
that remote attackers could use to crash kadmind and potentially
execute code in it.
- CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an
uninitialized function pointer, which created a security
vulnerability for kadmind.
- CVE-2006-6143 / MITKRB5-SA-2006-003: the GSS-API mechglue layer
could fail to initialize some output pointers, causing callers to
attempt to free uninitialized pointers. This caused a security
vulnerability in kadmind.
Solution : http://www.suse.de/security/http://www.novell.com/linux/security/advisories/2007_04_krb5.html
Threat Level: High