Re: Multiple Kerberos vulnerabilities (ID: 152773)



On Fri, 3 Jun 2005, Jim Popovitch wrote:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152773
>
> I believe that this problem only affects those using Kerberos with a
> KDC, and that it does NOT affect those that just happen to have
> krb5-libs installed (due to RPM dependencies).

At least CAN-2004-0642 seems to affect the library as well, so it could be an attack vector. I have not analyzed the code to see if this is true or not. This may also be possible for some of the other CANs.


By the way, #154276 (waiting for publish) includes a superset of fixes, also bugfixing the two telnet client vulnerabilities. I suggest folks give it a PUBLISH and after it has been rebuilt for updates-testing, verify it instead.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings