Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0029
The remote host is missing updates announced in
advisory RHSA-2010:0029.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

Multiple integer underflow flaws, leading to heap-based corruption, were
found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted
ciphertexts encrypted with the Advanced Encryption Standard (AES) and
ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to
provide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it
could potentially lead to either a denial of service of the central KDC
(KDC crash or abort upon processing the crafted ciphertext), or arbitrary
code execution with the privileges of the KDC (i.e., root privileges).

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running services using the
MIT Kerberos libraries must be restarted for the update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4212
BugTraq ID: 37749
Debian Security Information: DSA-1969 (Google Search)
HPdes Security Advisory: HPSBOV02682
HPdes Security Advisory: SSRT100495
RedHat Security Advisories: RHSA-2010:0029
RedHat Security Advisories: RHSA-2010:0095
CopyrightCopyright (c) 2010 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.