[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] FLEA-2007-0008-1: krb5

To: foresight-security-announce@xxxxxxxxxxxxxxx
Subject: [Full-disclosure] FLEA-2007-0008-1: krb5
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@xxxxxxxxxxxxxxxxxx>
Date: Thu, 05 Apr 2007 14:52:50 -0400

Foresight Linux Essential Advisory: 2007-0008-1
Published: 2007-04-05

Rating: Informational

Updated Versions:
     krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
     krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
     krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
     krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
     krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
     group-dist=/foresight.rpath.org@fl:1-devel//1/1.1-0.13-2

References:
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
     https://issues.rpath.com/browse/RPL-1212

Description:
     Previous versions of the krb5 package are vulnerable to three attacks that 
can be triggered remotely, one of which is known to provide unauthenticated 
unrestricted shell access to any system running the krb5 telnet daemon. 
Foresight Linux proper is not vulnerable to these attacks, since krb5-server is 
not included in Foresight.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Hackers uniting against Iran?
Next by Date: [Full-disclosure] FLEA-2007-0009-1: xorg-x11 freetype
Previous by thread: Re: [Full-disclosure] AN OUNCE OF PREVENTION...
Next by thread: [Full-disclosure] FLEA-2007-0009-1: xorg-x11 freetype
Index(es):
- Date
- Thread