Buffer overflow in krb5 (Fedora Core 2)
ID: FEDORA-2005-269
Distribution: Fedora
Platforms: Fedora Core 2
Date: Tue, 29 March 2005, 13:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0468
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0469
Applications: MIT Kerberos
Original message:
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-269
2005-03-29
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : krb5
Version     : 1.3.6
Release     : 4
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

---------------------------------------------------------------------
Update Information:

Updated krb5 packages which fix two buffer overflow vulnerabilities in
the included Kerberos-aware telnet client are now available.

Kerberos is a networked authentication system which uses a trusted
third party (a KDC) to authenticate clients and servers to each other.

The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468
and CAN-2005-0469 to these issues.

---------------------------------------------------------------------
* Wed Mar 23 2005 Nalin Dahyabhai