Multiple Vendor Kerberos 4 Temporary File Race Condition Vulnerability

Solution:
Upgrade to KTH Kerberos 4 version 1.0.4. NetBSD has released a patch for NetBSD 1.5.

MIT has released krb5-1.2.2 which incorporates a fix for this. A patch for the krb4 library is also available if upgrading to this version is not feasible.


KTH Kerberos 4 1.0

KTH Kerberos 4 1.0.3

MIT Kerberos 5 1.2.1


 

Privacy Statement
Copyright 2010, SecurityFocus