Subject: | |
From: | |
Reply To: | |
Date: | Mon, 6 Oct 2008 15:27:27 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Moderate: pam_krb5/krb5 security update
Issue date: 2008-10-02
CVE Names: CVE-2008-3825
pam_krb5 address the following security issue:
A flaw was found in the pam_krb5 "existing_ticket" configuration option. If
a system is configured to use an existing credential cache via the
"existing_ticket" option, it may be possible for a local user to gain
elevated privileges by using a different, local user's credential cache.
(CVE-2008-3825)
krb5 address the following bug:
* In cases where a server application began to sequentially iterate through
the contents of a keytab file, if it paused to call certain functions such
as krb5_rd_req() which encountered errors, a subsequent call to the
krb5_kt_next_entry() function could cause the calling application to crash.
The issue has been rectified and updated within these packages so that a
call to the krb5_kt_next_entry() function will not crash the calling
application.
SL 5.x
SRPMS:
pam_krb5-2.2.14-1.el5_2.1.src.rpm
krb5-1.6.1-25.el5_2.1.src.rpm
i386:
pam_krb5-2.2.14-1.el5_2.1.i386.rpm
krb5-devel-1.6.1-25.el5_2.1.i386.rpm
krb5-libs-1.6.1-25.el5_2.1.i386.rpm
krb5-server-1.6.1-25.el5_2.1.i386.rpm
krb5-workstation-1.6.1-25.el5_2.1.i386.rpm
x86_64:
pam_krb5-2.2.14-1.el5_2.1.i386.rpm
pam_krb5-2.2.14-1.el5_2.1.x86_64.rpm
krb5-devel-1.6.1-25.el5_2.1.i386.rpm
krb5-devel-1.6.1-25.el5_2.1.x86_64.rpm
krb5-libs-1.6.1-25.el5_2.1.i386.rpm
krb5-libs-1.6.1-25.el5_2.1.x86_64.rpm
krb5-server-1.6.1-25.el5_2.1.x86_64.rpm
krb5-workstation-1.6.1-25.el5_2.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|