SalvusAlert : MIT Kerebos 5 multiple vulnerabilities

Summary: Multiple vulnerabilities in MIT Kerebos 5 the severest may allow remote execution of arbitrary code.


Information At A Glance
Source	Version/Dependency	Developer	Severity
NIST/Bugtrack	See CVE’s or your Linux Distro	MIT	CRITICAL
Summary MIT Kerberos 5 has been documented with many vulnerabilities. These include the ability for a remote attacker to spoof authorization, modify KDC responses, Forge data msgs, Forge tokens and signatures, impersonate a client and more.The following CVE’s cover the various vulnerabilities CVE-2009-3295,CVE-2009-4212,CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324 ,CVE-2010-4020, CVE-2010-4021,CVE-2010-4022,CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0285,CVE-2011-1527, CVE-2011-1528,CVE-2011-1529,CVE-2011-1530,CVE-2011-4151 Fix Since Kerebos 5 is implemented in many distributions of Linux and other operating systems it is highly advisable to update your systems. If you are unsure, please contact your administrator or hosting company to ensure the patches are applied to your systems. Source BugTrak, NIST

$4.95 Domains (1-year term only) at Network Solutions®! NEW Customers Only - Use code: NCDISC01AF. Start Now!

Disclaimer: Salvus Alerting provides timely industry related information to its subscriber community and visitors for informational purposes only and makes every effort to distribute accurate and reliable information. Any information provided, is considered “as-is” and the subscriber and/or visitor assumes all responsibility for its uses. Salvus Alerting disclaims all warranties with regard to the information being provided, including all implied warranties of merchantability and fitness. In no event shall Salvus Alerting be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other legal action, arising out of or in connection with the use or performance of this information being provided. Salvus Systems and Salvus Alerting is a wholly owned and operated by FactNgN, LLC.