Rapid7 Vulnerability & Exploit Database

RHSA-2006:0746: mod_auth_kerb security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 11/20/2006
Created: 07/25/2018
Added: 12/15/2006
Modified: 07/12/2017

Description

Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

mod_auth_kerb is a module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP. An off-by-one flaw was found in the way mod_auth_kerb handles certain Kerberos authentication messages. A remote client could send a specially crafted authentication request which could crash an httpd child process (CVE-2006-5989). A bug in the handling of multiple realms configured using the "KrbAuthRealms" directive has also been fixed. All users of mod_auth_kerb should upgrade to these updated packages, which contain backported patches that resolve these issues.

Solution(s)

  • redhat-upgrade-mod_auth_kerb
