Summary
This host is installed with Kerberos 5 and is prone to a denial of service vulnerability.
Impact
Successful exploitation will allow an attacker to cause a denial of service.
Impact level: Application
Solution
Upgrade to kerberos5 version 1.7.1 or apply the patch from the links below.
http://web.mit.edu/kerberos/www/
http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
*****
NOTE: Ignore this warning if the patch mentioned above has already been applied.
*****
Insight
The flaw is caused by a NULL pointer dereference error in the KDC cross-realm referral processing implementation, which could allow an unauthenticated remote attacker to crash the KDC.
Affected
kerberos5 versions prior to 1.7.1
References
Severity
Classification
CVE: CVE-2009-3295
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P