DSA-2052-1 krb5 -- null pointer dereferenceID: oval:org.secpod.oval:def:600143 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Shawn Emery discovered that in MIT Kerberos 5 , a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field. For the stable distribution , this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny4. For the testing distribution , this problem has been fixed in version 1.8.1+dfsg-3. For the testing distribution , this problem has been fixed in version 1.8.1+dfsg-3. We recommend that you upgrade your krb5 packages.