Package name: apache-mod_auth_kerb
Date: 2006-11-23
Advisory ID: MDKSA-2006:218
Affected versions: CS4.0 x86_64, CS4.0 i586

Problem description

An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0
allows remote attackers to cause a denial of service (crash) via a
crafted Kerberos message that triggers a heap-based buffer overflow in
the component array.

Packages have been patched to correct this issue.
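
Added example, not code from this advisory or from mod_auth_kerb: a bounds-checked decoder for the content octets of a DER OBJECT IDENTIFIER, showing why the component array must hold one more entry than the encoded length. The name `decode_oid`, the 1024-octet limit and the sample bytes are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* decode_oid() is a hypothetical name, not mod_auth_kerb's der_get_oid.
 * Input: content octets of a DER OBJECT IDENTIFIER (tag/length stripped).
 * Returns 0 and a malloc'd arc array in *out (*n entries), or -1. */
int decode_oid(const unsigned char *p, size_t len, unsigned **out, size_t *n)
{
    /* Assumed 1024-octet limit; a multi-octet first subidentifier is rejected. */
    if (len == 0 || len > 1024 || (p[0] & 0x80))
        return -1;
    /* The first octet yields TWO arcs (40*a + b) and each later arc uses at
     * least one octet, so len octets decode to at most len + 1 arcs.
     * Sizing the array with len instead is the off-by-one. */
    size_t cap = len + 1, count = 0, i = 1;
    unsigned *arcs = malloc(cap * sizeof *arcs);
    if (arcs == NULL)
        return -1;
    arcs[count++] = p[0] / 40;
    arcs[count++] = p[0] % 40;
    while (i < len) {
        unsigned v = 0;
        unsigned char b;
        do {    /* base-128 arc; the high bit marks a continuation octet */
            if (i == len || v > (UINT_MAX >> 7) || count == cap) {
                free(arcs);     /* truncated, overflowing, or array full */
                return -1;
            }
            b = p[i++];
            v = (v << 7) | (b & 0x7f);
        } while (b & 0x80);
        arcs[count++] = v;
    }
    *out = arcs; *n = count;
    return 0;
}

int main(void)
{
    /* Constructed worst case: 3 single-octet values -> 4 arcs (1.2.3.4). */
    const unsigned char worst[] = { 0x2a, 0x03, 0x04 };
    unsigned *arcs; size_t n;
    if (decode_oid(worst, sizeof worst, &arcs, &n) == 0) {
        printf("%zu octets -> %zu arcs\n", sizeof worst, n);
        free(arcs);
    }
    return 0;
}
```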

Updated packages

CS4.0 x86_64

 0200c4ac02a6217d22edc05c74db3378  corporate/4.0/x86_64/apache-mod_auth_kerb-5.0-2.1.20060mlcs4.x86_64.rpm 
 7b3c02468f28a21609fa86c53af50951  corporate/4.0/SRPMS/apache-mod_auth_kerb-5.0-2.1.20060mlcs4.src.rpm

CS4.0 i586

 8ce7379b083881bad524a8f2c0f14e26  corporate/4.0/i586/apache-mod_auth_kerb-5.0-2.1.20060mlcs4.i586.rpm 
 7b3c02468f28a21609fa86c53af50951  corporate/4.0/SRPMS/apache-mod_auth_kerb-5.0-2.1.20060mlcs4.src.rpm
