FYI...
Kerberos Security Advisories
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2009-001.txt
Last update: 2009-04-07
Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder
...The upcoming krb5-1.7 and krb5-1.6.4 releases will contain fixes for these vulnerabilities... (or) Apply the patch, available at:
http://web.mit.edu/kerberos/advisories/2009-001-patch.txt ...
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0844
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0845
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0847
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2009-002.txt
Last update: 2009-04-07
Topic: ASN.1 decoder
...This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol... The upcoming krb5-1.7 and krb5-1.6.4 releases will contain fixes for this vulnerability... (or) patch is also available at:
http://web.mit.edu/kerberos/advisories/2009-002-patch.txt
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0846
CVSS Severity: 10.0 (HIGH)
- http://atlas.arbor.net/briefs/index#-2016235497
April 13, 2009 - "MIT Kerberos 5 (krb5) versions prior to 1.6.4, which is the foundation for many commercial Kerberos implementations, is vulnerable to three separate issues..."
- http://secunia.com/advisories/34347/2/
Last Update: 2009-04-08
Critical: Highly critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Kerberos 5.x
Solution: Apply patches.
http://web.mit.edu/kerberos/advisories/2009-001-patch.txt
http://web.mit.edu/kerberos/advisories/2009-002-patch.txt
Reportedly, the vulnerabilities will also be fixed in the upcoming 1.7 and 1.6.4 release versions...
- http://secunia.com/advisories/34734/2/
Release Date: 2009-04-16
