Multiple Kerberos vulnerabilities (ID: 152773)
Pekka Savola
pekkas at netcore.fi
Tue Jun 7 07:49:41 UTC 2005
On Fri, 3 Jun 2005, Jim Popovitch wrote:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152773
>
> I believe that this problem only affects those using Kerberos with a
> KDC, and that it does NOT affect those that just happen to have
> krb5-libs installed (due to RPM dependencies).

At least CAN-2004-0642 seems to affect the library as well, so it
could be an attack vector. I have not analyzed the code to see if
this is true or not. This may also be possible for some of the other
CANs.

By the way, #154276 (waiting for publish) includes a superset of fixes,
also bugfixing the two telnet client vulnerabilities. I suggest folks
give it a PUBLISH and after it has been rebuilt for updates-testing,
verify it instead.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings