Oval Definition:	oval:org.mitre.oval:def:9474
Revision Date: 2013-04-29 Version: 12 Title: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. Description: The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-0844 Platform(s): CentOS Linux 5 Oracle Linux 5 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND Configuration section krb5-workstation is earlier than 0:1.6.1-31.el5_3.3 OR krb5 is earlier than 0:1.6.1-31.el5_3.3 OR krb5-libs is earlier than 0:1.6.1-31.el5_3.3 OR krb5-server is earlier than 0:1.6.1-31.el5_3.3 OR krb5-devel is earlier than 0:1.6.1-31.el5_3.3
BACK