| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Apr 2007 04:23:59 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com, update-announce@...ts.rpath.com
Cc: lwn@....net, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: rPSA-2007-0063-1 krb5 krb5-server krb5-services
krb5-test krb5-workstation
rPath Security Advisory: 2007-0063-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
https://issues.rpath.com/browse/RPL-1212
Description:
Previous versions of the krb5 package are vulnerable to three attacks
that can be triggered remotely, one of which is known to provide
unauthenticated unrestricted shell access to any system running
the krb5 telnet daemon. rPath Linux systems are not automatically
configured with vulnerable daemons enabled. Systems configured as
kerberos administrative servers are vulnerable.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists