Sun Security Blog
03 Aug 2009
Sun Alert 256728 Multiple Security Vulnerabilities in the Solaris Kerberos 'Mech' Libraries May Lead To Execution of Arbitrary Code, Unauthorized Access to Data or a Denial of Service (DoS) Condition
Product: Sun Enterprise Authentication Mechanism 1.0.1, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

Multiple security vulnerabilities in the Solaris Kerberos (see kerberos(5)) mech_krb5 library and the mech_spnego(5) library may allow remote unprivileged users to cause certain Kerberos applications and daemons, including the Kerberos administration daemon (kadmind(1M)), to crash. These issues may also lead to unauthorized information disclosure and execution of arbitrary code with the privileges of the root user.

These issues are also described in the following documents:

CVE-2009-0844 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844
CVE-2009-0845 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
CVE-2009-0846 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846
CVE-2009-0847 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847
MIT Advisory MITKRB5-SA-2009-002 at http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2009-002.txt
MIT Advisory MITKRB5-SA-2009-001 at http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2009-001.txt

State: Resolved
First released: 07-Apr-2009