Impact
Remote code execution
Solution
Please install the updated packages.
Insight
Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212). Remote attackers could potentially exploit this to execute arbitrary code.
openSUSE 11.2 is also affected by the following problem:
Specially crafted ticket requests could crash the Kerberos server (CVE-2009-3295).
Affected
krb5 on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2, SLES 11
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-3295, CVE-2009-4212
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities