|
|
Family: Debian Local Security Checks --> Category: infos
[DSA543] DSA-543-1 krb5 Vulnerability Scan
Vulnerability Scan Summary
DSA-543-1 krb5
Detailed Explanation for this Vulnerability Test
The MIT Kerberos Development Team has discovered a number of
vulnerabilities in the MIT Kerberos Version 5 software. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:
A double-free error may allow unauthenticated remote attackers to
execute arbitrary code on KDC or clients.
Several double-free errors may allow authenticated attackers to
execute arbitrary code on Kerberos application servers.
A remotely exploitable denial of service vulnerability has been
found in the KDC and libraries.
Several double-free errors may allow remote attackers to execute
arbitrary code on the server. This does not affect the version in
woody.
For the stable distribution (woody) these problems have been fixed in
version 1.2.4-5woody6.
For the unstable distribution (sid) these problems have been fixed in
version 1.3.4-3.
We recommend that you upgrade your krb5 packages.
Solution : http://www.debian.org/security/2004/dsa-543
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
