SuSE Update For Krb5 SUSE-SA:2007:004 Network Vulnerability

Impact

remote denial of service

Solution

Please Install the Updated Packages.

Insight

Various bugs in the Kerberos5 libraries and tools were fixed which could be used by remote attackers to crash and potentially execute code in kadmind. - CVE-2006-6144 / MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind. - CVE-2006-6143 / MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused a security vulnerability in kadmind.

Affected

krb5 on openSUSE 10.2, SUSE LINUX 10.1, SUSE SLED 10, SUSE SLES 10

References

http://www.novell.com/linux/security/advisories/2007_04_krb5.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-6143, CVE-2006-6144
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for Java 1.4.2
SLES10: Security update for clamav
SLES10: Security update for net-snmp
SLES10: Security update for Mozilla XULRunner
SLES10: Security update for IBM Java 1.4.2

SuSE Update for krb5 SUSE-SA:2007:004

Take action and discover your vulnerabilities