Joined: 12 May 2004
|Posted: Tue Jan 24, 2012 12:26 am Post subject: [ GLSA 201201-13 ] MIT Kerberos 5: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: MIT Kerberos 5: Multiple vulnerabilities (GLSA 201201-13)
Date: January 23, 2012
Bug(s): #303723, #308021, #321935, #323525, #339866, #347369, #352859, #359129, #363507, #387585, #393429
Multiple vulnerabilities have been found in MIT Kerberos 5, the
most severe of which may allow remote execution of arbitrary code.
MIT Kerberos 5 is a suite of applications that implement the Kerberos
Vulnerable: < 1.9.2-r1
Unaffected: >= 1.9.2-r1
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please
review the CVE identifiers referenced below for details.
A remote attacker may be able to execute arbitrary code with the
privileges of the administration daemon or the Key Distribution Center
(KDC) daemon, cause a Denial of Service condition, or possibly obtain
sensitive information. Furthermore, a remote attacker may be able to
spoof Kerberos authorization, modify KDC responses, forge user data
messages, forge tokens, forge signatures, impersonate a client, modify
user-visible prompt text, or have other unspecified impact.
There is no known workaround at this time.
All MIT Kerberos 5 users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.9.2-r1"
Last edited by GLSA on Wed Nov 20, 2013 4:30 am; edited 2 times in total
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum