Full Disclosure mailing list archives
FLEA-2007-0008-1: krb5
From: Foresight Linux Essential Announcement Service <foresight-security-noreply () foresightlinux org>
Date: Thu, 05 Apr 2007 14:52:50 -0400
Foresight Linux Essential Advisory: 2007-0008-1 Published: 2007-04-05 Rating: Informational Updated Versions: krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1 group-dist=/foresight.rpath.org@fl:1-devel//1/1.1-0.13-2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216 https://issues.rpath.com/browse/RPL-1212 Description: Previous versions of the krb5 package are vulnerable to three attacks that can be triggered remotely, one of which is known to provide unauthenticated unrestricted shell access to any system running the krb5 telnet daemon. Foresight Linux proper is not vulnerable to these attacks, since krb5-server is not included in Foresight. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FLEA-2007-0008-1: krb5 Foresight Linux Essential Announcement Service (Apr 05)