| Revision Date: | 2005-01-19 | Version: | 502 |
| Title: | RHSA-2005:012: krb5 security update (Moderate) |
| Description: | Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.
A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm's master Kerberos KDC. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1189 to this issue.
Additionally a temporary file bug was found in the Kerberos krb5-send-pr program. It is possible that an attacker could create a temporary file that would allow an arbitrary file to be overwritten which the victim has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0971 to this issue.
All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2004-0971
CVE-2004-1189
RHSA-2005:012-01
|
| Platform(s): | Red Hat Enterprise Linux 3
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux 3 is installed AND Package Information
krb5-libs is earlier than 0:1.2.7-38
AND krb5-libs is signed with Red Hat master key
OR
krb5-devel is earlier than 0:1.2.7-38
AND krb5-devel is signed with Red Hat master key
OR
krb5-server is earlier than 0:1.2.7-38
AND krb5-server is signed with Red Hat master key
OR
krb5 is earlier than 0:1.2.7-38
AND krb5 is signed with Red Hat master key
OR
krb5-workstation is earlier than 0:1.2.7-38
AND krb5-workstation is signed with Red Hat master key
|