Multiple MIT Kerberos Vulnerabilities (2008-B-0024)

Rodney Jones_1 · ‎04-04-2008

Does anyone know if HP has or will address the following vulnerabilities with Kerberos?

Library Buffer Overflow Vulnerability (CVE 2008-0947)

Null/Dangling Pointer Vulnerability (CVE-2008-0062)

Uninitialized Stack Value Vulnerability (CVE-2008-0063)

Vulnerable Applications:
MIT, Kerberos 5, 1.6.3_KDC, and earlier
MIT, Kerberos 5, 1.2.2
MIT, Kerberos 5, 1.4 through 1.4.4
MIT, Kerberos 5, 1.5 through 1.5.3
MIT, Kerberos 5, 1.6 through 1.6.3

Thanks,
Rodney

samshi001 · ‎06-09-2009

Any update on this issue?

I am told to do the following on my servers:

Outdated MIT KERBEROS 5 /usr/lib/hpux32/libkrb5.so.1 version 1.3.5 found. Please
upgrade to MIT KERBEROS 5 version 1.6.1 or later.

Does someone have the experience to share?

Thanks

Sam Shi

eric roseme · ‎06-10-2009

Are you asking about the HP-UX Kerberos Client or Kerberos Server? The Kerberos Server is not MIT - so CVE-2008-0062 and CVE-2008-0063 do not apply. For CVE-2008-0947 we will have client update on a web release in July or August. This update will not be 1.7, however.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Multiple MIT Kerberos Vulnerabilities (2008-B-0024)

Multiple MIT Kerberos Vulnerabilities (2008-B-0024)

Re: Multiple MIT Kerberos Vulnerabilities (2008-B-0024)

Re: Multiple MIT Kerberos Vulnerabilities (2008-B-0024)