6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for
authenticating users and services on a network, a null pointer
dereference flaw in the Generic Security Service Application Program
Interface (GSS-API) library could allow an authenticated remote attacker
to crash any server application using the GSS-API authentication
mechanism, by sending a specially-crafted GSS-API token with a missing
checksum field.
For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny4.
For the testing distribution (squeeze), this problem has been fixed in
version 1.8.1+dfsg-3.
For the unstable distribution (sid), this problem has been fixed in
version 1.8.1+dfsg-3.
We recommend that you upgrade your krb5 packages.
CPE | Name | Operator | Version |
---|---|---|---|
krb5 | eq | 1.6.dfsg.4~beta1-5lenny3 | |
krb5 | eq | 1.6.dfsg.4~beta1-5lenny2 | |
krb5 | eq | 1.6.dfsg.4~beta1-5 | |
krb5 | eq | 1.6.dfsg.4~beta1-5lenny1 |