CentOS Update for krb5-devel CESA-2012:1131 centos6

Information

Severity

Severity

Critical

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

9.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

9 years ago

Modified

Modified

3 years ago

Summary

The remote host is missing an update for the 'krb5-devel' package(s) announced via the referenced advisory.

Insight

Insight

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. (CVE-2012-1015) A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the 'create' privilege could use this flaw to crash kadmind. (CVE-2012-1013) Red Hat would like to thank the MIT Kerberos project for reporting CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of CVE-2012-1015. All krb5 users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.

Affected Software

Affected Software

krb5-devel on CentOS 6

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)

Ready to dive in? Start your free trial today.

Companies of all sizes—from startups to Fortune 500s—use Mageni to scan their assets for vulnerabilities, reduce risk exposure and minimizing the likelihood of a data breach. Free for 7-days then $39 USD Monthly. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.

Get Started For Free
App screenshot