Jump to content

Advisories MDVSA-2010:245: krb5


Recommended Posts

A vulnerability was discovered and corrected in krb5:


An unauthenticated remote attacker could alter a SAM-2 challenge,

affecting the prompt text seen by the user or the kind of response

sent to the KDC. Under some circumstances, this can negate the

incremental security benefit of using a single-use authentication

mechanism token. An unauthenticated remote attacker has a 1/256

chance of forging KRB-SAFE messages in an application protocol if the

targeted pre-existing session uses an RC4 session key. Few application

protocols use KRB-SAFE messages (CVE-2010-1323).


Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:



The updated packages have been patched to correct this issue.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Create New...