Gentoo: 202304-15 Significant: openssl Vulnerabilities and Risks
gentoo
March 31, 2003
There are multiple vulnerabilities in krb5.
Summary
- - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-28 - - --------------------------------------------------------------------- CAN-2003-0072 CAN-2003-0028
- - ---------------------------------------------------------------------
- From advisory: "An attacker who has successfully authenticated to the Kerberos administration daemon (kadmind) may be able to crash kadmind or induce it to leak sensitive information, such as secret keys. For the attack to succeed, it is believed that the configuration of the kadmind installation must allow it to successfully allocate more than INT_MAX bytes of memory."
Read the full advisory at mit
- From advisory: "A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distributi...Read the Full Advisory
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : krb5 & mit-krb5
SUMMARY : multiple vulnerabilities fixed
DATE : 2003-03-31 10:01 UTC
EXPLOIT : remote
VERSIONS AFFECTED : krb5: <1.2.7-r2 mit-krb5: <1.2.7 : fixed krb5: version>=1.2.7-r2 mit-krb5: >=1.2.7
CVE : CAN-2003-0139 CAN-2003-0138 CAN-2003-0082
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!