BugTraq
rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation Apr 04 2007 08:23AM
rPath Update Announcements (announce-noreply rpath com)
rPath Security Advisory: 2007-0063-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
https://issues.rpath.com/browse/RPL-1212

Description:
Previous versions of the krb5 package are vulnerable to three attacks
that can be triggered remotely, one of which is known to provide
unauthenticated, unrestricted shell access to any system running
the krb5 telnet daemon. rPath Linux systems are not automatically
configured with vulnerable daemons enabled. Systems configured as
Kerberos administrative servers are vulnerable.
