Oval Definition:oval:com.redhat.rhsa:def:20050012
Revision Date:2005-01-19Version:502
Title:RHSA-2005:012: krb5 security update (Moderate)
Description:Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.

A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm's master Kerberos KDC. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1189 to this issue.

Additionally a temporary file bug was found in the Kerberos krb5-send-pr program. It is possible that an attacker could create a temporary file that would allow an arbitrary file to be overwritten which the victim has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0971 to this issue.

All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.
Family:unixClass:patch
Status:Reference(s):CVE-2004-0971
CVE-2004-1189
RHSA-2005:012-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
  • krb5-libs is earlier than 0:1.2.7-38
  • AND krb5-libs is signed with Red Hat master key
  • OR
  • krb5-devel is earlier than 0:1.2.7-38
  • AND krb5-devel is signed with Red Hat master key
  • OR
  • krb5-server is earlier than 0:1.2.7-38
  • AND krb5-server is signed with Red Hat master key
  • OR
  • krb5 is earlier than 0:1.2.7-38
  • AND krb5 is signed with Red Hat master key
  • OR
  • krb5-workstation is earlier than 0:1.2.7-38
  • AND krb5-workstation is signed with Red Hat master key
    • BACK