Rapid7 Vulnerability & Exploit Database

CESA-2008:0180: RHSA-2008:0180





Critical: krb5 security update

Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary code using malformed or truncated Kerberos v4 protocol requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol compatibility enabled, which is the default setting on Red Hat Enterprise Linux 4. Kerberos v4 protocol support can be disabled by adding "v4_mode=none" (without the quotes) to the "[kdcdefaults]" section of /var/kerberos/krb5kdc/kdc.conf.

Red Hat would like to thank MIT for reporting these issues.

A double-free flaw was discovered in the GSSAPI library used by MIT Kerberos. This flaw could possibly cause a crash of the application using the GSSAPI library. (CVE-2007-5971)

All krb5 users are advised to update to these erratum packages which contain backported fixes to correct these issues.
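The mitigation above is a one-line change to kdc.conf, but on a fleet it is worth checking mechanically that every KDC has it, and applying it without clobbering the rest of the file. The script below is an added example, not code from the advisory, Red Hat or MIT: it reads the [kdcdefaults] section of a krb5 KDC config (INI-style sections, key = value lines, brace-delimited realm blocks), reports whether the v4 listener is still exposed, and returns a copy with v4_mode = none set. The sample config, the treatment of a missing v4_mode key as "exposed" (following the advisory's statement that v4 compatibility is the RHEL 4 default), and the KDC_CONF path are assumptions made for illustration.

```python
"""Check and harden a krb5 kdc.conf against Kerberos v4 exposure (CESA-2008:0180).

Added example, not the advisory's or MIT's code. Assumes the krb5 config syntax
([section] headers, key = value lines, realm blocks in braces) and the
"v4_mode = none" setting the advisory names.
"""
import re
import sys

KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf"   # default path on RHEL/CentOS 4 (assumed)
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
KEY_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*?)$")

# Constructed sample config: v4 compatibility still on (nopreauth), as shipped.
SAMPLE_CONF = """\
[kdcdefaults]
 acl_file = /var/kerberos/krb5kdc/kadm5.acl
 dict_file = /usr/share/dict/words
 admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
 v4_mode = nopreauth

[realms]
 EXAMPLE.COM = {
  master_key_type = des3-hmac-sha1
  supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
 }
"""


def _logical(line):
    """Strip whitespace and blank out comment lines (krb5 comments start with '#')."""
    s = line.strip()
    return "" if s.startswith("#") else s


def kdcdefaults(text):
    """Return {key: value} for the [kdcdefaults] section only.

    Brace depth is tracked so keys inside [realms] blocks never leak in.
    """
    settings, in_section, depth = {}, False, 0
    for line in text.splitlines():
        s = _logical(line)
        if not s:
            continue
        m = SECTION_RE.match(s)
        if m and depth == 0:
            in_section = m.group(1).lower() == "kdcdefaults"
            continue
        if in_section and depth == 0:
            k = KEY_RE.match(s)
            if k:
                settings[k.group(1).lower()] = k.group(2)
        depth += s.count("{") - s.count("}")
    return settings


def v4_exposed(text):
    """True when krb5kdc would still accept Kerberos v4 requests.

    Only an explicit "none" turns the v4 code path off; a missing key is
    treated as exposed, since the advisory says v4 compat is the RHEL 4 default.
    """
    value = kdcdefaults(text).get("v4_mode")
    return value is None or value.lower() != "none"


def _insert_v4_none(out):
    """Append ' v4_mode = none' before any trailing blank lines of a section."""
    i = len(out)
    while i > 0 and not out[i - 1].strip():
        i -= 1
    out.insert(i, " v4_mode = none")


def disable_v4(text):
    """Return the config with v4_mode = none in [kdcdefaults]; idempotent.

    An existing v4_mode line is rewritten in place; otherwise one is added to
    the section, and the section itself is created if the file lacks it.
    Every other line is passed through untouched.
    """
    out, in_section, depth, done = [], False, 0, False
    for line in text.splitlines():
        s = _logical(line)
        m = SECTION_RE.match(s)
        if m and depth == 0:
            if in_section and not done:       # leaving [kdcdefaults] without seeing v4_mode
                _insert_v4_none(out)
                done = True
            in_section = m.group(1).lower() == "kdcdefaults"
            out.append(line)
            continue
        k = KEY_RE.match(s)
        if in_section and depth == 0 and k and k.group(1).lower() == "v4_mode":
            out.append(" v4_mode = none")
            done = True
        else:
            out.append(line)
        depth += s.count("{") - s.count("}")
    if not done:
        if not in_section:                    # file ended with no [kdcdefaults] at all
            out.extend(["", "[kdcdefaults]"])
        _insert_v4_none(out)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Usage: kdc_v4_check.py [path]  (prints the hardened config; does not write it)
    path = sys.argv[1] if len(sys.argv) > 1 else KDC_CONF
    with open(path) as fh:
        conf = fh.read()
    print("v4 exposed:", v4_exposed(conf), file=sys.stderr)
    sys.stdout.write(disable_v4(conf))
```

The script prints the hardened file rather than writing it in place, so the usual route is to diff its output against the live file, install it, and restart krb5kdc; the check is a mitigation only, and the erratum packages listed below are still required, since the GSSAPI double-free (CVE-2007-5971) is unaffected by v4_mode.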


  • centos-upgrade-krb5-devel
  • centos-upgrade-krb5-libs
  • centos-upgrade-krb5-server
  • centos-upgrade-krb5-workstation
