rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
rPath Security Advisory: 2007-0063-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
https://issues.rpath.com/browse/RPL-1212
Description:
Previous versions of the krb5 package are vulnerable to three attacks
that can be triggered remotely, one of which is known to provide
unauthenticated, unrestricted shell access to any system running
the krb5 telnet daemon. rPath Linux systems are not automatically
configured with vulnerable daemons enabled. Systems configured as
Kerberos administrative servers are vulnerable.