Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

From: rPath Update Announcements <announce-noreply () rpath com>
Date: Wed, 04 Apr 2007 04:23:59 -0400
rPath Security Advisory: 2007-0063-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
    Remote Root Deterministic Unauthorized Access
Updated Versions:
    krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
    https://issues.rpath.com/browse/RPL-1212

Description:
    Previous versions of the krb5 package are vulnerable to three attacks
    that can be triggered remotely, one of which is known to provide
    unauthenticated unrestricted shell access to any system running
    the krb5 telnet daemon.  rPath Linux systems are not automatically
    configured with vulnerable daemons enabled.  Systems configured as
    kerberos administrative servers are vulnerable.
Previous By Date Next
Previous By Thread Next

Current thread: