SuSE Update For Krb5 SUSE-SA:2010:006 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption CVE-2009-4212. Remote attackers could potentially exploit that to execute arbitrary code. openSUSE 11.2 is also affected by the following problem: Specially crafted ticket requests could crash the kerberos server CVE-2009-3295.

Affected

krb5 on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2, SLES 11

References

http://www.novell.com/linux/security/advisories/2010_06_krb5.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3295, CVE-2009-4212
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for Cyrus IMAPD
SLES10: Security update for hplip17 and hplip17-hpijs
SLES10: Security update for kdegraphics3-pdf
SLES10: Security update for jasper
SLES10: Security update for Linux kernel

SuSE Update for krb5 SUSE-SA:2010:006

Take action and discover your vulnerabilities