rPSA-2007-0063-1 krb5 krb5-server krb5-services krb5-test
rPath Security Advisory: 2007-0063-1
Published: 2007-04-04
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Remote Root Deterministic Unauthorized Access
Updated Versions:
krb5=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-server=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-services=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-test=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
krb5-workstation=/conary.rpath.com@rpl:devel//1/1.4.1-7.6-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
https://issues.rpath.com/browse/RPL-1212
Description:
Previous versions of the krb5 package are vulnerable to three attacks
that can be triggered remotely, one of which is known to provide
unauthenticated unrestricted shell access to any system running
the krb5 telnet daemon. rPath Linux systems are not automatically
configured with vulnerable daemons enabled. Systems configured as
kerberos administrative servers are vulnerable.