what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Technical Cyber Security Alert 2008-79B

Technical Cyber Security Alert 2008-79B
Posted Mar 19, 2008
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA08-079B - The MIT Kerberos implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, compromise the key database or cause a denial of service on a vulnerable system.

tags | advisory, remote, denial of service, arbitrary, vulnerability
SHA-256 | cee3360a4020b0af9c33fbf01ff92e0fa1409b63757f5f4e421cdc173099709e

Technical Cyber Security Alert 2008-79B

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA08-079B


MIT Kerberos Updates for Multiple Vulnerabilities

Original release date: March 19, 2008
Last revised: --
Source: US-CERT

Systems Affected

* MIT Kerberos

Overview

The MIT Kerberos implementation contains several vulnerabilities.
Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code, compromise the key
database or cause a denial of service on a vulnerable system.

I. Description

The MIT Kerberos Development Team has released MIT krb5 Security
Advisory 2008-002 to address vulnerabilities in multiple versions of
MIT Kerberos. More information about these vulnerabilities can be
found in VU#895609 and VU#374121.

II. Impact

Potential consequences include arbitrary code execution, key database
compromise, and denial of service.

III. Solution

Install updates from your vendor

Check with your vendors for patches or updates. For information about
a vendor, please see the systems affected section in vulnerability
notes VU#895609 and VU#374121 or contact your vendor directly.
Administrators who compile MIT Kerberos from source should refer to
MIT Security Advisory 2008-002 for more information.

IV. References

* US-CERT Vulnerability Note VU#895609 -
<http://www.kb.cert.org/vuls/id/895609>

* US-CERT Vulnerability Note VU#374121 -
<http://www.kb.cert.org/vuls/id/374121>

* MIT krb5 Security Advisory 2008-002 -
<http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt2>

_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-079B.html>
_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-079B Feedback VU#895609" in the
subject.
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

March 19, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR+E+pPRFkHkM87XOAQK1jwf/ZDEomMLCZvsmN7KVXa0Il5PqXlfRvG2Y
jdWPUCi92qmgvm8LdqoNgAUxnUGYzCHLQzw8ebmnz37AMigDNsYIzFHStgnoJDVi
iK6UGC6gHLnGJFuG+otEC9jZaVeIiUbKddB2+vzvmDWLnvIsyxzmHf6lJe0IrZlH
ho/cCgpfRctgZHM5Ke+pPPqMjZZ7u0OUQnM7MIcSsZbKxw8x2CyUpaSiheMDhf8p
8JGyx+nkyvZoja6Ee4WCRq3xtVaUlp/sg8IZYY5nav2VuSh15rJXLJCWDBXUU+oV
aAXPa2JEx5Cn3S0CFz8SIJ4NoLUp09usVMFyeNd57FMBKRjTAC/DBw==
=4wkz
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close