Test ID:	1.3.6.1.4.1.25623.1.0.67357
Category:	FreeBSD Local Security Checks
Title:	FreeBSD Ports: krb5
Summary:	The remote host is missing an update to the system; as announced in the referenced advisory.
Description:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: krb5 CVE-2010-1320 Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1320 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 39599 http://www.securityfocus.com/bid/39599 Bugtraq: 20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC (Google Search) http://www.securityfocus.com/archive/1/510843/100/0/threaded http://securitytracker.com/id?1023904 http://secunia.com/advisories/39656 http://secunia.com/advisories/39784 http://secunia.com/advisories/40220 SuSE Security Announcement: SUSE-SR:2010:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://www.ubuntu.com/usn/USN-940-1 http://www.vupen.com/english/advisories/2010/1001 http://www.vupen.com/english/advisories/2010/1192 http://www.vupen.com/english/advisories/2010/1481
Copyright	Copyright (C) 2010 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.