On Fri, 3 Jun 2005, Jim Popovitch wrote:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152773
>
> I believe that this problem only affects those using Kerberos with a KDC, and that it does NOT affect those that just happen to have krb5-libs installed (due to RPM dependencies).
At least CAN-2004-0642 seems to affect the library as well, so it could be an attack vector. I have not analyzed the code to see if this is true or not. This may also be possible for some of the other CANs.
By the way, #154276 (waiting for publish) includes a superset of fixes, also bugfixing the two telnet client vulnerabilities. I suggest folks give it a PUBLISH and after it has been rebuilt for updates-testing, verify it instead.
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.

"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list