Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 202011-17 ] MIT Kerberos 5
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2487

PostPosted: Mon Nov 16, 2020 4:26 am    Post subject: [ GLSA 202011-17 ] MIT Kerberos 5 Reply with quote

Gentoo Linux Security Advisory

Title: MIT Kerberos 5: Denial of service (GLSA 202011-17)
Severity: low
Exploitable: remote
Date: 2020-11-16
Bug(s): #753281
ID: 202011-17

Synopsis

A vulnerability in MIT Kerberos 5 could lead to a Denial of Service
condition.


Background

The MIT Kerberos 5 implementation provides a command line telnet client
which is used for remote login via the telnet protocol.


Affected Packages

Package: app-crypt/mit-krb5
Vulnerable: < 1.18.2-r2
Unaffected: >= 1.18.2-r2
Architectures: All supported architectures


Description

It was discovered that MIT Kerberos network authentication system, krb5,
did not properly handle ASN.1-encoded Kerberos messages.


Impact

A remote attacker could send a specially crafted Kerberos message,
possibly resulting in a Denial of Service condition.


Workaround

There is no known workaround at this time.

Resolution

All MIT Kerberos 5 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.18.2-r2"
   


References

CVE-2020-28196
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum