Original release date: 04 Apr 2007
Last revised: 04 Apr 2007
Summary: Three vulnerabilities discovered in krb5
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.
- The MIT krb5 telnet daemon (krb5-telnet) allows unauthorized login as an
arbitrary user, when presented with a specially crafted username.
Exploitation of this vulnerability is trivial.
- The library function krb5_klog_syslog() can write past the end of a
stack buffer. Both the Kerberos administration daemon (kadmind) and
the KDC are vulnerable. Exploitation of this vulnerability is probably simple.
- The GSS-API library provided with MIT krb5 contains a vulnerability that may
allow a remote, authenticated attacker to execute arbitrary code or
cause a denial of service.
A user can gain unauthorized access to any account (including root) on
a host running telnetd.
krb5 allows remote attackers to cause a host running kadmind to
execute arbitrary code.
krb5 allows remote attackers to cause a denial of service.
- Turbolinux Appliance Server 2.0
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server