
[DSA273] DSA-273-1 krb4

Article ID: 15110
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.


This script is (C) 2008 Tenable Network Security, Inc.

Family: Debian Local Security Checks
Plugin ID: 15110
Bugtraq ID:
CVE ID: CVE-2003-0138, CVE-2003-0139

Description:

A cryptographic weakness in version 4 of the Kerberos protocol allows
an attacker to use a chosen-plaintext attack to impersonate any
principal in a realm. Additional cryptographic weaknesses in the krb4
implementation permit the use of cut-and-paste attacks to fabricate
krb4 tickets for unauthorized client principals if triple-DES keys are
used to key krb4 services. These attacks can subvert a site's entire
Kerberos authentication infrastructure.

For the stable distribution (woody) this problem has been
fixed in version 1.1-8-2.3.

For the old stable distribution (potato) this problem has been
fixed in version 1.0-2.3.


Solution : http://www.debian.org/security/2003/dsa-273
Risk factor : High