remote code execution in krb5

ID SUSE-SA:2010:006
Type suse
Reporter Suse
Modified 2010-01-19T17:05:33


Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212). Remote attackers could potentially exploit this to execute arbitrary code. openSUSE 11.2 is also affected by the following problem: specially crafted ticket requests could crash the Kerberos server (CVE-2009-3295).


There is no known workaround; please install the update packages.