CESA-2008:0182: RHSA-2008:0182
Description
Critical: krb5 security updateKerberos is a network authentication system which allows clients andservers to authenticate to each other through use of symmetric encryptionand a trusted third party, the KDC.A flaw was found in the way the MIT Kerberos Authentication Service and KeyDistribution Center server (krb5kdc) handled Kerberos v4 protocol packets.An unauthenticated remote attacker could use this flaw to crash thekrb5kdc daemon, disclose portions of its memory, or possibly executearbitrary code using malformed or truncated Kerberos v4 protocolrequests. (CVE-2008-0062, CVE-2008-0063)This issue only affected krb5kdc with Kerberos v4 protocol compatibilityenabled, which is the default setting on Red Hat Enterprise Linux 4.Kerberos v4 protocol support can be disabled by adding "v4_mode=none"(without the quotes) to the "[kdcdefaults]" section of/var/kerberos/krb5kdc/kdc.conf.Red Hat would like to thank MIT for reporting these issues.All krb5 users are advised to update to these erratum packages whichcontain backported fixes to correct these issues.
Solution(s)
- centos-upgrade-krb5-devel
- centos-upgrade-krb5-libs
- centos-upgrade-krb5-server
- centos-upgrade-krb5-workstation
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center