search.internet.com

Become a Marketplace Partner internet.commerce Be a Commerce Partner Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Technology Jobs LinuxToday Newsletters Subscribe News Subscribe PR Subscribe Security internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Current Newswire: 3 Easy ways to try out Linux Amahi Linux Home Server 4.2 Matthias Ettrich Receives German Federal Cross of Merit Using Windows Is Like... Installing Ubuntu 9.10 Hands-on: OpenMoko WikiReader is simple, appealing Perl far from dead, more popular than you think Microsoft Exchange alternatives Kubuntu 9.10: A Mixed Bag Could Microsoft switch to Linux? UNIX System Administrator - SUN Solaris, Veritas, EMC, Shell Scripting, SAN (NYC) Next Step Systems US-NY-New York Post A Job | Post A Resume Gentoo Linux Advisory: mit-krb5 Jun 29, 2004, 18 :14 UTC (0 Talkback[s]) (1963 reads) Gentoo Linux Security Advisory GLSA 200406-21 http://security.gentoo.org/ Severity: High Title: mit-krb5: Multiple buffer overflows in krb5_aname_to_localname Date: June 29, 2004 Bugs: #52744 ID: 200406-21 Synopsis mit-krb5 contains multiple buffer overflows in the function krb5_aname_to_localname(). This could potentially lead to a complete remote system compromise. Background mit-krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Affected packages Package Vulnerable Unaffected 1 app-crypt/mit-krb5 <= 1.3.3 >= 1.3.3-r1 Description The library function krb5_aname_to_localname() contains multiple buffer overflows. This is only exploitable if explicit mapping or rules-based mapping is enabled. These are not enabled as default. With explicit mapping enabled, an attacker must authenticate using a principal name listed in the explicit mapping list. With rules-based mapping enabled, an attacker must first be able to create arbitrary principal names either in the local realm Kerberos realm or in a remote realm from which the local realm's service are reachable by cross-realm authentication. Impact An attacker could use these vulnerabilities to execute arbitrary code with the permissions of the user running mit-krb5, which could be the root user. Workaround There is no known workaround at this time. All users are encouraged to upgrade to the latest available version. Resolution mit-krb5 users should upgrade to the latest version: # emerge sync # emerge -pv ">=app-crypt/mit-krb5-1.3.3-r1" # emerge ">=app-crypt/mit-krb5-1.3.3-r1" References [ 1 ] CAN-2004-0523 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523 [ 2 ] MIT krb5 Security Advisory http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200406-21.xml Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0 No talkbacks posted.   Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!

All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP Search: WebMediaBrands Corporate Info Legal Notices, Licensing, Reprints, Permissions, Privacy Policy. Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs Solutions Whitepapers and eBooks Adobe Article: Adobe Helps PHP Developers Create Rich Internet Applications Adobe Article: Java Developers Finding a Home at Adobe Flex IBM Articles: A Smarter Business Needs Smarter Technology Intel Xeon Processor Increases Server Efficiency and Capabilities Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise Oracle Whitepaper: Using Oracle In-Memory Database Cache to Accelerate the Oracle Database Oracle Whitepapers - Innovation for IT Leaders Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT Internet.com eBook: IT Manager's Guide to Social Networking Internet.com eBook: Get Ready for Windows 7 Microsoft Article: Expression Web 3--New Features for PHP Developers Whitepapers: Manage Your Business Infrastracture with IBM Whitepaper: Maximize Your Storage Investment with HP Internet.com eBook: Becoming a Better Project Manager Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Webcast: Connecting PHP to Microsoft Technologies Video: Microsoft Partner Program Benefits Video: Windows Azure Debugging Tips SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports IBM Webcast: Speed Business Innovation with Reduced Cost and Risk Video: Deploy Applications on Windows Azure MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Downloads & Free Trials: Microsoft's New Efficiency Resource Center Get the Windows 7 SDK Free Trial: Red Gate SQL Backup Pro 6 Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Virtual Lab: Migrating PHP Applications Enabling Web Slices and Accelerators with a PHP Site Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products All About Botnets MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES