<<< Date Index >>>     <<< Thread Index >>>

FLEA-2007-0008-1: krb5



Foresight Linux Essential Advisory: 2007-0008-1
Published: 2007-04-05

Rating: Informational

Updated Versions:
    krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.1-0.13-2

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
    https://issues.rpath.com/browse/RPL-1212

Description:
Previous versions of the krb5 package are vulnerable to three attacks that can be triggered remotely, one of which is known to provide unauthenticated unrestricted shell access to any system running the krb5 telnet daemon. Foresight Linux proper is not vulnerable to these attacks, since krb5-server is not included in Foresight.