[PLSA 2009-54] Mit-kerberos: Multiple Vulnerabilities
- Severity: 3
- Type: Remote
- Release Date: 2009-04-12
There are multiple implementation vulnerabilities in MIT krb5 that can cause a denial of service (daemon crash) and possibly allow an attacker to obtain sensitive information via a crafted length value that triggers a buffer over-read.
An unauthenticated, remote attacker could cause a Kerberos application, including the Kerberos administration daemon (kadmind) or the KDC, to crash, and possibly execute arbitrary code.
- mit-kerberos, all before 1.6.3-12-2
There are update(s) for mit-kerberos. You can install them via Package Manager or with a single command from the console:
pisi up mit-kerberos