Rapid7 Vulnerability & Exploit Database

RHSA-2005:045: krb5 security update

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/31/2004
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/12/2017

Description

Updated Kerberos (krb5) packages that correct a buffer overflow bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. A heap-based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm's master Kerberos KDC. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1189 to this issue. All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.

Solution(s)

  • redhat-upgrade-krb5-devel
  • redhat-upgrade-krb5-libs
  • redhat-upgrade-krb5-server
  • redhat-upgrade-krb5-workstation
