Mandriva Update For Krb5 MDVSA-2011:077 (krb5) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in krb5: The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition (CVE-2011-0285). The updated packages have been patched to correct this issue.

Affected

krb5 on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2011-0285

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:019 (imlib2)
Mandrake Security Advisory MDVSA-2009:159 (mysql)
Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)
Mandrake Security Advisory MDVSA-2009:009 (kvm)

Mandriva Update for krb5 MDVSA-2011:077 (krb5)

Take action and discover your vulnerabilities