Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: GLSA-202011-17 Low: MIT Kerberos 5 Denial Of Service

gentoo
Calendar Grey November 15, 2020
Dist Gentoo Esm H88
An announcement from Gentoo highlights a minor vulnerability in MIT Kerberos 5 that could lead to a denial of service. Users are advised to update for enhanced security.
A vulnerability in MIT Kerberos 5 could lead to a Denial of Service condition.

Summary

It was discovered that MIT Kerberos network authentication system, krb5, did not properly handle ASN.1-encoded Kerberos messages.

Topics%20covered

Topics Covered

security advisory denial of service gentoo low severity mit kerberos

Resolution

All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.18.2-r2"

References

[ 1 ] CVE-2020-28196 https://nvd.nist.gov/vuln/detail/CVE-2020-28196

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202011-17
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
low
Lowest
Low
Medium
High
Critical

Severity: Low
Title: MIT Kerberos 5: Denial of service
Date: November 16, 2020
Bugs: #753281
ID: 202011-17

Topics%20covered

Topics Covered

security advisory denial of service gentoo low severity mit kerberos

Synopsis

A vulnerability in MIT Kerberos 5 could lead to a Denial of Service condition.

Background

The MIT Kerberos 5 implementation provides a command line telnet client which is used for remote login via the telnet protocol.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/mit-krb5 < 1.18.2-r2 >= 1.18.2-r2

Impact

===== A remote attacker could send a specially crafted Kerberos message, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Your message here