-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0050-1
Published: 2007-09-06
Rating: Critical

Updated Versions:
    krb5=/conary.rpath.com at rpl:devel//1/1.4.1-7.8-1
    krb5-workstation=/conary.rpath.com at rpl:devel//1/1.4.1-7.8-1
    group-dist=/[EMAIL PROTECTED]:1-devel//1/1.3.2-0.17-2

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743
    https://issues.rpath.com/browse/RPL-1696

Description:
    Previous versions of the krb5 package are vulnerable to an
    unauthenticated remote arbitrary code execution attack against
    the kadmind server. Foresight Linux systems are not automatically
    configured with kadmind enabled. Systems configured as kerberos
    administrative servers are vulnerable.

    6 September 2007 Update: CVE-2007-4743 was also assigned to this
    vulnerability due to a problem with the originally published patch
    (for CVE-2007-3999), which did not fully correct the vulnerability.
    The update provided for rPath Linux used the revised patch, which
    fully corrected the vulnerability.

    Note: Foresight Linux is not vulnerable to CVE-2007-4000 (which was
    announced coincident with CVE-2007-3999); it does not apply to the
    version of kerberos included in Foresight Linux.

Copyright 2007 rPath, Inc.
Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG4K06Wu/kq4lN9jkRAuKbAJ9qblGHisp1f4DiM/IKvUQybqgsIACcChnD
Y7j17yIX+GQpE7EqnTDGPmU=
=MAO3
-----END PGP SIGNATURE-----