Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1706

PostPosted: Tue Jan 24, 2012 12:26 am    Post subject: [ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: MIT Kerberos 5: Multiple vulnerabilities (GLSA 201201-13)
Severity: high
Exploitable: remote
Date: January 23, 2012
Bug(s): #303723, #308021, #321935, #323525, #339866, #347369, #352859, #359129, #363507, #387585, #393429
ID: 201201-13

Synopsis

Multiple vulnerabilities have been found in MIT Kerberos 5, the
most severe of which may allow remote execution of arbitrary code.


Background

MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol.


Affected Packages

Package: app-crypt/mit-krb5
Vulnerable: < 1.9.2-r1
Unaffected: >= 1.9.2-r1
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please
review the CVE identifiers referenced below for details.


Impact

A remote attacker may be able to execute arbitrary code with the
privileges of the administration daemon or the Key Distribution Center
(KDC) daemon, cause a Denial of Service condition, or possibly obtain
sensitive information. Furthermore, a remote attacker may be able to
spoof Kerberos authorization, modify KDC responses, forge user data
messages, forge tokens, forge signatures, impersonate a client, modify
user-visible prompt text, or have other unspecified impact.


Workaround

There is no known workaround at this time.

Resolution

All MIT Kerberos 5 users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.9.2-r1"
   


References

CVE-2009-3295
CVE-2009-4212
CVE-2010-0283
CVE-2010-0629
CVE-2010-1320
CVE-2010-1321
CVE-2010-1322
CVE-2010-1323
CVE-2010-1324
CVE-2010-4020
CVE-2010-4021
CVE-2010-4022
CVE-2011-0281
CVE-2011-0282
CVE-2011-0283
CVE-2011-0284
CVE-2011-0285
CVE-2011-1527
CVE-2011-1528
CVE-2011-1529
CVE-2011-1530
CVE-2011-4151


Last edited by GLSA on Wed Nov 20, 2013 4:30 am; edited 2 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum