Summary: | Security hole in v4 cross-realm in Heimdal and kth-krb | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Ian <ian> |
Component: | New packages | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | ||
Severity: | critical | ||
Priority: | High | ||
Version: | 1.2 | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.pdc.kth.se/heimdal/ | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Ian
2003-03-17 12:02:56 UTC
2003-03-17: Security advisory regarding v4 cross-realm All versions of the kerberos server are vulnerable to a protocol bug in the kerberos v4 cross-realm operation. Release 1.2.2 by default disables cross-realm in the server, and adds an option for enabling it. The long-term fix is to migrate to Kerberos v5. |