English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2003-29
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date : 16 Apr 2003
 Last revised           : 16 Apr 2003

 Package : krb5

 Summary : Multiple vulnerabilities in krb5

 More information :
     - A faulty length check in the RPC library exposes kadmind to
       an integer overflow.
     - A vulnerability may allow the use of cut-and-paste attacks to
       fabricate krb4 tickets for unauthorized client principals
       if triple-DES keys are used to key krb4 services.
     - Buffer overrun and underrun problems exist in Kerberos principal name
       handling in unusual cases, such as names with zero components, names
       with one empty component, or host-based service principal names with
       no host name component.

 Impact :
    These vulnerabilities may allow remote attackers to gain the realm
    and to cause a denial of krb5 service.

 Affected Products :
    - Turbolinux 8 Server

 Solution :
    Please use turbopkg tool to apply the update.


 <Turbolinux 8 Server>

   Source Packages
   Size : MD5

   krb5-1.2.5-7.src.rpm
      5514010 aa5aca2657cc4e00cc28f7a231127df3

   Binary Packages
   Size : MD5

   krb5-devel-1.2.5-7.i586.rpm
       587202 0229110dac74cf5451691e97f908d332
   krb5-libs-1.2.5-7.i586.rpm
       638930 85ad16766e2df975d45ca13ddbf6a58c
   krb5-server-1.2.5-7.i586.rpm
       602179 78e2091747be2bce0c04bfc5a5cea810
   krb5-workstation-1.2.5-7.i586.rpm
       601625 d4e1033f3eefbd28dcc35fda28b012c3


 References :

 MIT krb5 Security Advisory
   [2003-003]
   http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
   [2003-004]
   http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
   [2003-005]
   http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt

 Turbolinux Security Advisory
   [TLSA-2003-23]
   http://www.turbolinux.com/security/TLSA-2003-23.txt


 --------------------------------------------------------------------------
 Revision History
    16 Apr 2003 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2003 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+nRWNK0LzjOqIJMwRAlT0AJ9Re+pULjeTRTXPA9lHy478dj4fvgCgmpuB
8wctdSxkCtlGfNCGkrjKM7M=
=XqxT
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.