service principal management with Active Directory KDC

2007-04-03 Thread Rohit Kumar Mehta
Hi we want to use our Active Directory KDC to manage service principals for nfs and ssh for quite a few Linux and Solaris machines, and would prefer to automate generating the service principals and installing them on the clients. I was thinking that one way to approach this problem could be b

Re: service principal management with Active Directory KDC

2007-04-03 Thread Michael B Allen
On Tue, 03 Apr 2007 10:17:41 -0400 Rohit Kumar Mehta <[EMAIL PROTECTED]> wrote: > > Hi we want to use our Active Directory KDC to manage service principals > for nfs and ssh for quite a few Linux and Solaris machines, and would > prefer to automate generating the service principals and installi

MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

2007-04-03 Thread Tom Yu
MIT krb5 Security Advisory 2007-002 Original release: 2007-04-03 Last update: 2007-04-03 Topic: KDC, kadmind stack overflow in krb5_klog_syslog Severity: CRITICAL CVE: CVE-2007-0957 CERT: VU#704024 SUMMARY === The library fun

MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]

2007-04-03 Thread Tom Yu
MIT krb5 Security Advisory 2007-001 Original release: 2007-04-03 Last update: 2007-04-03 Topic: telnetd allows login as arbitrary user Severity: CRITICAL CVE: CVE-2007-0956 CERT: VU#220816 SUMMARY === The MIT krb5 telnet daem

MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]

2007-04-03 Thread Tom Yu
MIT krb5 Security Advisory 2007-003 Original release: 2007-04-03 Last update: 2007-04-03 Topic: double-free vulnerability in kadmind (via GSS-API library) Severity: CRITICAL CVE: CVE-2007-1216 CERT: VU#419344 SUMMARY === The

Changing password on linux machine hangs

2007-04-03 Thread M
Hi: We use Active Directory to create User accounts and make the person change his/her password the first time he/she logs on to any of our machines (linux or windows). Changing password on the Windows machines works just fine but no one can change their passwords on a linux machine. Not just the

Re: Changing password on linux machine hangs

2007-04-03 Thread Christopher D. Clausen
M <[EMAIL PROTECTED]> wrote: > We use Active Directory to create User accounts and make the person > change his/her password the first time he/she logs on to any of our > machines (linux or windows). Changing password on the Windows machines > works just fine but no one can change their passwords o

Re: MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

2007-04-03 Thread Mike Friedman
On Tue, 3 Apr 2007 at 14:10 (-0400), Tom Yu wrote: > AFFECTED SOFTWARE > = > > * MIT krb5 releases through krb5-1.6 ... > The patch is available at > > http://web.mit.edu/kerberos/advisories/2007-002-patch.txt Tom, Is the above pat

Re: MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

2007-04-03 Thread Tom Yu
> "mikef" == Mike Friedman <[EMAIL PROTECTED]> writes: mikef> On Tue, 3 Apr 2007 at 14:10 (-0400), Tom Yu wrote: >> AFFECTED SOFTWARE >> = >> >> * MIT krb5 releases through krb5-1.6 mikef> ... >> The patch is available at >> >> http://web.mit.edu/kerberos/advisories/2007-002-

Re: MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

2007-04-03 Thread Mike Dopheide
Attached is a converted patch for 1.4.3 (closer to your 1.4.2). This includes all three advisories. I just finished compiling, but haven't tested it yet so use it at your own risk. -Mike Tom Yu wrote: "mikef" == Mike Friedman <[EMAIL PROTECTED]> writes: mikef> On Tue, 3 Apr 2007 at 14:10

MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

2007-04-03 Thread Edward Beuerlein
Tom, I need a copy of the 3 patches for 1.4.2/3 as well. Any help would be much appreciated as I have run into the same issues with line numbers mismatched. Thanks! -Eddie B.

MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

2007-04-03 Thread Edward Beuerlein
Mike, What modifications did you make to your src/lib/kadm5/configure script? There is mention in the advisory about making changes to detect vsnprintf() but I am not exactly sure how to do that. I am not a developer but need to patch our kerberos code for these 3 security issues. -Eddie B.

Re: MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]

2007-04-03 Thread Mike Dopheide
Specifically, diff -Nur krb5-040307/lib/kadm5/configure krb5/lib/kadm5/configure --- krb5-040307/lib/kadm5/configure 2005-11-16 16:47:28.0 -0600 +++ krb5/lib/kadm5/configure2007-04-03 15:15:04.0 -0500 @@ -5453,7 +5453,7 @@ -for ac_func in openlog sys
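
Review bot: the file being patched is the generated lib/kadm5/configure script (the `for ac_func in openlog sys` line at 5453 is autoconf output), so this edit is lost the next time configure is regenerated. Make the same change to the function-check list in the autoconf input that lib/kadm5/configure is built from, then regenerate, so the two stay in step. The hunk is cut off here, so the replacement line itself cannot be checked.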

Re: Changing password on linux machine hangs

2007-04-03 Thread M
Yep. Tried that. Same behavior. It's not just one linux machine, it's all linux machines that do this. So it's something that's set environment wide...I've ruled out the firewall...not sure what else it could be. Thx Q On 4/3/07, Christopher D. Clausen <[EMAIL PROTECTED]> wrote: > M <[EMAIL PROTECTE

Re: Changing password on linux machine hangs

2007-04-03 Thread Christopher D. Clausen
M <[EMAIL PROTECTED]> wrote: > Yep. Tried that. Same behavior. It's not just one linux machine, it's > all linux machines that do this. So it's something that's set > environment wide...I've ruled out the firewall...not sure what else it > could be. What does your krb5.conf file look like? Do you hav

kfw-3.2-beta1 is available

2007-04-03 Thread Tom Yu
The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the first beta release of MIT's Kerberos for Windows product, Version 3.2. Please send bug reports and feedback to [EMAIL PROTECTED] What's New: === * Ne

Re: MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]

2007-04-03 Thread John Washington
Is a new version of the 1.5.x branch planned with fixes to the three holes?