Kerberos: Moderate Security Update

Users of Kerberos please be advised of a Moderate security update that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

RHSA-2010:0926-01: [RHSA-2010:0926-01] Moderate: krb5 security update
Product: Red Hat Enterprise Linux
Synopsis: Moderate: krb5 security update
3. Description:

Kerberos is a network authentication system which allows clients and

servers to authenticate to each other using symmetric encryption and a

trusted third party, the Key Distribution Center (KDC).

Multiple checksum validation flaws were discovered in the MIT Kerberos

implementation. A remote attacker could use these flaws to tamper with

certain Kerberos protocol packets and, possibly, bypass authentication

mechanisms in certain configurations using Single-use Authentication

Mechanisms. (CVE-2010-1323)

All krb5 users should upgrade to these updated packages, which contain a

backported patch to correct these issues. After installing the updated

packages, the krb5kdc daemon will be restarted automatically.

Read more at http://www.criticalwatch.com

 

Advertisements