-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-079B MIT Kerberos Updates for Multiple Vulnerabilities Original release date: March 19, 2008 Last revised: -- Source: US-CERT Systems Affected * MIT Kerberos Overview The MIT Kerberos implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, compromise the key database or cause a denial of service on a vulnerable system. I. Description The MIT Kerberos Development Team has released MIT krb5 Security Advisory 2008-002 to address vulnerabilities in multiple versions of MIT Kerberos. More information about these vulnerabilities can be found in VU#895609 and VU#374121. II. Impact Potential consequences include arbitrary code execution, key database compromise, and denial of service. III. Solution Install updates from your vendor Check with your vendors for patches or updates. For information about a vendor, please see the systems affected section in vulnerability notes VU#895609 and VU#374121 or contact your vendor directly. Administrators who compile MIT Kerberos from source should refer to MIT Security Advisory 2008-002 for more information. IV. References * US-CERT Vulnerability Note VU#895609 - <http://www.kb.cert.org/vuls/id/895609> * US-CERT Vulnerability Note VU#374121 - <http://www.kb.cert.org/vuls/id/374121> * MIT krb5 Security Advisory 2008-002 - <http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt2> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-079B.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@xxxxxxxx> with "TA08-079B Feedback VU#895609" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 19, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR+E+pPRFkHkM87XOAQK1jwf/ZDEomMLCZvsmN7KVXa0Il5PqXlfRvG2Y jdWPUCi92qmgvm8LdqoNgAUxnUGYzCHLQzw8ebmnz37AMigDNsYIzFHStgnoJDVi iK6UGC6gHLnGJFuG+otEC9jZaVeIiUbKddB2+vzvmDWLnvIsyxzmHf6lJe0IrZlH ho/cCgpfRctgZHM5Ke+pPPqMjZZ7u0OUQnM7MIcSsZbKxw8x2CyUpaSiheMDhf8p 8JGyx+nkyvZoja6Ee4WCRq3xtVaUlp/sg8IZYY5nav2VuSh15rJXLJCWDBXUU+oV aAXPa2JEx5Cn3S0CFz8SIJ4NoLUp09usVMFyeNd57FMBKRjTAC/DBw== =4wkz -----END PGP SIGNATURE-----