Oval Definition:	oval:org.mitre.oval:tst:36207
Comment: krb5-devel is earlier than 0:1.3.4-54.el4_6.1 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14100 State: oval:org.mitre.oval:ste:10826 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:8916 V The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." 2013-04-29 oval:org.mitre.oval:def:9496 V KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. 2013-04-29 oval:org.mitre.oval:def:10296 V Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. 2013-04-29
BACK