Summary: | <sys-auth/pam_krb5-? user enumeration (CVE-2009-1384) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | kerberos, pam-bugs+disabled
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=502602 | |
Whiteboard: | B4 [invalid] | |
Package list: | | Runtime testing required: | ---

Description
Stefan Behte (RETIRED)
2009-06-12 21:24:12 UTC
I'm not sure about the versioning, BUT even if I'm wrong, this bug has its use to remind you to remove older, vulnerable versions <3.12 from tree.

The Red Hat pam_krb5 and ours (from Russ Allbery) have a different codebase AFAIK. But on the other hand it doesn't hurt to clean up old pam_krb5 releases. Therefore -> fixed.

g, mueli

Thanks! I had in mind that there was something up with pam_krb5; now I had a look: our package is called "sys-auth/pam_krb5" in portage, but in fact it is pam-krb5 (note the hyphen/underscore); the Red Hat package is the "real" pam_krb5.