Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt http://www.vuxml.org/freebsd/64f24a1e-66cf-11e0-9deb-f345f3aa24f0.html
Insight
The following package is affected: krb5
CVE-2010-4022
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process 'exits abnormally,' which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.
Severity
Classification
-
CVE CVE-2010-4022 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities