Full Disclosure mailing list archives
rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Wed, 04 Apr 2007 04:23:59 -0400
rPath Security Advisory: 2007-0063-1 Published: 2007-04-04 Products: rPath Linux 1 Rating: Critical Exposure Level Classification: Remote Root Deterministic Unauthorized Access Updated Versions: krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216 https://issues.rpath.com/browse/RPL-1212 Description: Previous versions of the krb5 package are vulnerable to three attacks that can be triggered remotely, one of which is known to provide unauthenticated unrestricted shell access to any system running the krb5 telnet daemon. rPath Linux systems are not automatically configured with vulnerable daemons enabled. Systems configured as kerberos administrative servers are vulnerable. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements (Apr 04)