
Advisories MDVSA-2010:202-1: krb5


paul

A vulnerability was discovered and corrected in krb5:

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client (CVE-2010-1322).

The updated packages have been patched to correct this issue.

Update:

Update packages for MES5 were missing with the MDVSA-2010:202 advisory. This advisory provides the update packages.
