Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

From: rPath Update Announcements <announce-noreply () rpath com>
Date: Thu, 06 Sep 2007 14:31:25 -0400
rPath Security Advisory: 2007-0179-1
Published: 2007-09-06
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
    Remote Root Deterministic Unauthorized Access
Updated Versions:
    krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
    krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
    krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
    krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
    krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
    https://issues.rpath.com/browse/RPL-1696

Description:
    Previous versions of the krb5 package are vulnerable to an
    unauthenticated remote arbitrary code execution attack against
    the kadmind server.  rPath Linux systems are not automatically
    configured with kadmind enabled.  Systems configured as kerberos
    administrative servers are vulnerable.

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: