Oval Definition: oval:com.redhat.rhsa:def:20130942
Revision Date: 2013-06-12
Version: 638
Title: RHSA-2013:0942: krb5 security update (Moderate)
Description: Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).

  • It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the services to keep sending reply packets to each other, consuming network bandwidth and CPU. (CVE-2002-2443)

    All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2002-2443
    RHSA-2013:0942
    RHSA-2013:0942-01
    Platform(s): Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • krb5-devel is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-devel is signed with Red Hat redhatrelease2 key
  • krb5-libs is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-libs is signed with Red Hat redhatrelease2 key
  • krb5-server is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-server is signed with Red Hat redhatrelease2 key
  • krb5-server-ldap is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-server-ldap is signed with Red Hat redhatrelease2 key
  • krb5-workstation is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-workstation is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • krb5-devel is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-devel is signed with Red Hat redhatrelease2 key
  • krb5-libs is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-libs is signed with Red Hat redhatrelease2 key
  • krb5-pkinit-openssl is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
  • krb5-server is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-server is signed with Red Hat redhatrelease2 key
  • krb5-server-ldap is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-server-ldap is signed with Red Hat redhatrelease2 key
  • krb5-workstation is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-workstation is signed with Red Hat redhatrelease2 key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • krb5-server-ldap is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-server-ldap is signed with Red Hat redhatrelease2 key
  • krb5-devel is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-devel is signed with Red Hat redhatrelease2 key
  • krb5-workstation is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-workstation is signed with Red Hat redhatrelease2 key
  • krb5-libs is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-libs is signed with Red Hat redhatrelease2 key
  • krb5-pkinit-openssl is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
  • krb5-server is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5-server is signed with Red Hat redhatrelease2 key
  • krb5 is earlier than 0:1.10.3-10.el6_4.3
  • AND krb5 is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • krb5-server-ldap is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-server-ldap is signed with Red Hat redhatrelease key
  • krb5-devel is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-devel is signed with Red Hat redhatrelease key
  • krb5-workstation is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-workstation is signed with Red Hat redhatrelease key
  • krb5-libs is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-libs is signed with Red Hat redhatrelease key
  • krb5-server is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5-server is signed with Red Hat redhatrelease key
  • krb5 is earlier than 0:1.6.1-70.el5_9.2
  • AND krb5 is signed with Red Hat redhatrelease key