remote code execution in krb5

2010-01-19T17:05:33
ID SUSE-SA:2010:006
Type suse
Reporter Suse
Modified 2010-01-19T17:05:33

Description

Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212). Remote attackers could potentially exploit this to execute arbitrary code. openSUSE 11.2 is also affected by the following problem: specially crafted ticket requests could crash the Kerberos server (CVE-2009-3295).
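
The bug class named above (an unsigned length that underflows before it is used to size or index heap memory) is shown here as an added example; it is not krb5 source code and is not taken from the advisory. The message layout, the constants and all function names are hypothetical, chosen only to show the unchecked subtraction beside a checked form.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical framing for illustration: [confounder | payload | checksum]. */
#define CONFOUNDER_LEN 16u
#define CHECKSUM_LEN   12u
#define OVERHEAD (CONFOUNDER_LEN + CHECKSUM_LEN)

/* Unchecked pattern: size_t is unsigned, so an input shorter than the
 * fixed overhead wraps to a value near SIZE_MAX instead of going negative. */
size_t payload_len_unchecked(size_t input_len)
{
    return input_len - OVERHEAD;
}

/* Checked pattern: reject short input before subtracting. */
int payload_len_checked(size_t input_len, size_t *out)
{
    if (input_len < OVERHEAD)
        return -1;
    *out = input_len - OVERHEAD;
    return 0;
}

/* Copies the payload into a freshly allocated buffer, or returns NULL
 * when the message is too short to contain the fixed fields. */
uint8_t *extract_payload(const uint8_t *msg, size_t msg_len, size_t *payload_len)
{
    size_t n;
    uint8_t *buf;

    if (msg == NULL || payload_len_checked(msg_len, &n) != 0)
        return NULL;
    buf = malloc(n ? n : 1);   /* avoid the malloc(0) ambiguity */
    if (buf == NULL)
        return NULL;
    memcpy(buf, msg + CONFOUNDER_LEN, n);
    *payload_len = n;
    return buf;
}
```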

Solution

There is no known workaround. Please install the update packages.