Full Disclosure mailing list archives
rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Thu, 06 Sep 2007 14:31:25 -0400
rPath Security Advisory: 2007-0179-1 Published: 2007-09-06 Products: rPath Linux 1 Rating: Critical Exposure Level Classification: Remote Root Deterministic Unauthorized Access Updated Versions: krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1 krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1 krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1 krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1 krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999 https://issues.rpath.com/browse/RPL-1696 Description: Previous versions of the krb5 package are vulnerable to an unauthenticated remote arbitrary code execution attack against the kadmind server. rPath Linux systems are not automatically configured with kadmind enabled. Systems configured as kerberos administrative servers are vulnerable. Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation rPath Update Announcements (Sep 06)