pam_krb5-2.2.14-15
エラータID: AXSA:2010-171:01
Release date:
Thursday, April 1, 2010 - 12:16
Subject:
pam_krb5-2.2.14-15
Affected Channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
This is pam_krb5, a pluggable authentication module that can be used with Linux-PAM and Kerberos 5. This module supports password checking, ticket creation, and optional TGT verification and conversion to Kerberos IV tickets. The included pam_krb5afs module also gets AFS tokens if so configured.
Security issues fixed with this release:
CVE-2009-1384
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Solution:
Update packages.
CVEs:
CVE-2009-1384
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Additional Info:
N/A
Download:
Asianux Server 3 for x86
- pam_krb5-2.2.14-15.i386.rpm
MD5: ab39cf3909f523c420f4394d24a5fe1e
SHA-256: 11d14efe62fb8afe06575311b5ed791ca63b1c8cf43f3585c3d9ae8be76c990a
Size: 136.41 kB
Asianux Server 3 for x86_64
- pam_krb5-2.2.14-15.x86_64.rpm
MD5: 7d0484374f4ed6f4ed785f63594fc32f
SHA-256: ce8fe0f84d2a1ad7ab787f5965ca377a74e411c0b7cfce67e0753e34f5708999
Size: 136.13 kB
日本語