| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 06 Sep 2007 14:31:25 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com, update-announce@...ts.rpath.com
Cc: lwn@....net, full-disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org,
bugtraq@...urityfocus.com
Subject: rPSA-2007-0179-1 krb5 krb5-server krb5-services
krb5-test krb5-workstation
rPath Security Advisory: 2007-0179-1
Published: 2007-09-06
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.8-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
https://issues.rpath.com/browse/RPL-1696
Description:
Previous versions of the krb5 package are vulnerable to an
unauthenticated remote arbitrary code execution attack against
the kadmind server. rPath Linux systems are not automatically
configured with kadmind enabled. Systems configured as kerberos
administrative servers are vulnerable.
Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists