Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19443
HistoryMar 19, 2008 - 12:00 a.m.

US-CERT Technical Cyber Security Alert TA08-079B -- MIT Kerberos Updates for Multiple Vulnerabilities

2008-03-1900:00:00
vulners.com
10
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    National Cyber Alert System

Technical Cyber Security Alert TA08-079B

MIT Kerberos Updates for Multiple Vulnerabilities

Original release date: March 19, 2008
Last revised: –
Source: US-CERT

Systems Affected

 * MIT Kerberos

Overview

The MIT Kerberos implementation contains several vulnerabilities.
Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code, compromise the key
database or cause a denial of service on a vulnerable system.

I. Description

The MIT Kerberos Development Team has released MIT krb5 Security
Advisory 2008-002 to address vulnerabilities in multiple versions of
MIT Kerberos. More information about these vulnerabilities can be
found in VU#895609 and VU#374121.

II. Impact

Potential consequences include arbitrary code execution, key database
compromise, and denial of service.

III. Solution

Install updates from your vendor

Check with your vendors for patches or updates. For information about
a vendor, please see the systems affected section in vulnerability
notes VU#895609 and VU#374121 or contact your vendor directly.
Administrators who compile MIT Kerberos from source should refer to
MIT Security Advisory 2008-002 for more information.

IV. References

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-079B.html>

Feedback can be directed to US-CERT Technical Staff. Please send
email to <[email protected]> with "TA08-079B Feedback VU#895609" in the
subject.

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html&gt;.

Produced 2008 by US-CERT, a government organization.

Terms of use:

&lt;http://www.us-cert.gov/legal.html&gt;

Revision History

March 19, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR+E+pPRFkHkM87XOAQK1jwf/ZDEomMLCZvsmN7KVXa0Il5PqXlfRvG2Y
jdWPUCi92qmgvm8LdqoNgAUxnUGYzCHLQzw8ebmnz37AMigDNsYIzFHStgnoJDVi
iK6UGC6gHLnGJFuG+otEC9jZaVeIiUbKddB2+vzvmDWLnvIsyxzmHf6lJe0IrZlH
ho/cCgpfRctgZHM5Ke+pPPqMjZZ7u0OUQnM7MIcSsZbKxw8x2CyUpaSiheMDhf8p
8JGyx+nkyvZoja6Ee4WCRq3xtVaUlp/sg8IZYY5nav2VuSh15rJXLJCWDBXUU+oV
aAXPa2JEx5Cn3S0CFz8SIJ4NoLUp09usVMFyeNd57FMBKRjTAC/DBw==
=4wkz
-----END PGP SIGNATURE-----

JSON