Oval Definition:	oval:org.mitre.oval:def:23502
Revision Date: 2014-05-26 Version: 26 Title: ELSA-2010:0925: krb5 security and bug fix update (Important) Description: MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 ELSA-2010:0925-01 Platform(s): Oracle Linux 6 Product(s): krb5 Definition Synopsis Oracle Linux 6.x AND rpm test krb5-devel is earlier than 0:1.8.2-3.el6_0.3 OR krb5-server-ldap is earlier than 0:1.8.2-3.el6_0.3 OR krb5-workstation is earlier than 0:1.8.2-3.el6_0.3 OR krb5-libs is earlier than 0:1.8.2-3.el6_0.3 OR krb5-pkinit-openssl is earlier than 0:1.8.2-3.el6_0.3 OR krb5-server is earlier than 0:1.8.2-3.el6_0.3 OR krb5 is earlier than 0:1.8.2-3.el6_0.3
BACK