
Multiple MIT Kerberos Vulnerabilities (2008-B-0024)

Rodney Jones_1
Occasional Contributor

Does anyone know if HP has or will address the following vulnerabilities with Kerberos?

Library Buffer Overflow Vulnerability (CVE-2008-0947)

Null/Dangling Pointer Vulnerability (CVE-2008-0062)

Uninitialized Stack Value Vulnerability (CVE-2008-0063)

Vulnerable Applications:
MIT, Kerberos 5, 1.6.3_KDC, and earlier
MIT, Kerberos 5, 1.2.2
MIT, Kerberos 5, 1.4 through 1.4.4
MIT, Kerberos 5, 1.5 through 1.5.3
MIT, Kerberos 5, 1.6 through 1.6.3

Thanks,
Rodney



2 REPLIES
samshi001
Occasional Visitor

Re: Multiple MIT Kerberos Vulnerabilities (2008-B-0024)


Any update on this issue?

I am told to do the following on my servers:

Outdated MIT KERBEROS 5 /usr/lib/hpux32/libkrb5.so.1 version 1.3.5 found. Please
upgrade to MIT KERBEROS 5 version 1.6.1 or later.

Does anyone have experience to share?

Thanks

Sam Shi
eric roseme
Respected Contributor

Re: Multiple MIT Kerberos Vulnerabilities (2008-B-0024)

Are you asking about the HP-UX Kerberos Client or Kerberos Server? The Kerberos Server is not MIT - so CVE-2008-0062 and CVE-2008-0063 do not apply. For CVE-2008-0947 we will have a client update on a web release in July or August. This update will not be 1.7, however.