MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability

Solution:
The vendor has released an advisory (MITKRB5-SA-2004-003) along with patches to resolve this issue. Please see the referenced advisory for further information.

Debian GNU/Linux has released an advisory (DSA 543-1) along with fixes to address this and other issues. Please see the referenced advisory for further information.

RedHat Linux has released advisory RHSA-2004:350-12 along with fixes to address this and other issues in RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

RedHat Linux has released advisories (FEDORA-2004-276, and FEDORA-2004-277) to address this and other issues for RedHat Fedora Core 1 and 2 respectively. Please see the referenced advisories for further information.

Cisco has released an advisory (cisco-sa-20040831-krb5) to address this and other issues for Cisco VPN 3000 series products. Please see the referenced advisory for further information on obtaining fixes.

Mandrake has released an advisory (MDKSA-2004:088) and fixes to address this issue. Please see the referenced advisory for further information on obtaining fixes.

Sun has released Security Alert ID 57631 along with fixes to address this issue. Please see the web reference for more information.

Trustix has released an advisory (TSL-2004-0045) to address various issues in kerberos5. Please see the referenced advisory for more information.

Gentoo advisory available. Users are advised to upgrade by performing the following steps:
emerge sync
emerge -pv ">=app-crypt/mit-krb5-1.3.4"
emerge ">=app-crypt/mit-krb5-1.3.4"

Conectiva has made advisory CLSA-2004:860 along with fixes available resolving these and other issues. Please see the referenced advisory for more information.

Avaya has released advisory ASA-2004-039 dealing with this issue. Please see the referenced web advisory for more information.

OpenPKG has released advisory OpenPKG-SA-2004.039 to address this, and other issues. Please see the referenced advisory for further information.

Turbolinux has released advisory TLSA-2004-22 to address this, and other issues. Please see the referenced advisory for further information.

IBM has released information about this issue affecting IBM Tivoli Access Manager for e-business version 5.1. Please see the IBM 'MIT Kerberos 5 Vulnerabilities' reference in Web references for more information about obtaining fixes.

Apple has released an advisory (APPLE-SA-2004-12-02) dealing with this and other issues. Please see the referenced advisory for more information.

Fedora Legacy has released security advisory FLSA:154276 addressing this issue for RedHat Linux 7.3 and 9, and for Fedora Core 1. Please see the referenced advisory for details on obtaining and applying the appropriate updates.


MIT Kerberos 5 1.2.2 -beta1

MIT Kerberos 5 1.2.4

MIT Kerberos 5 1.2.5

MIT Kerberos 5 1.2.6

MIT Kerberos 5 1.2.7

MIT Kerberos 5 1.2.8

MIT Kerberos 5 1.3 -alpha1

MIT Kerberos 5 1.3

MIT Kerberos 5 1.3.1

MIT Kerberos 5 1.3.2

MIT Kerberos 5 1.3.3

MIT Kerberos 5 1.3.4

Apple Mac OS X 10.2

Apple Mac OS X 10.2.1

Apple Mac OS X 10.2.2

Apple Mac OS X 10.2.3

Apple Mac OS X 10.2.4

Apple Mac OS X 10.2.5

Apple Mac OS X 10.2.7

Apple Mac OS X 10.2.8

Apple Mac OS X 10.3

Apple Mac OS X 10.3.1

Apple Mac OS X 10.3.2

Apple Mac OS X 10.3.3

Apple Mac OS X 10.3.4

Apple Mac OS X 10.3.5

Apple Mac OS X Server 10.3.6

IBM Tivoli Access Manager for e-business 5.1


 

Privacy Statement
Copyright 2010, SecurityFocus