Family: Debian Local Security Checks --> Category: infos
[DSA273] DSA-273-1 krb4 Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
A cryptographic weakness in version 4 of the Kerberos protocol allows
an attacker to use a chosen-plaintext attack to impersonate any
principal in a realm. Additional cryptographic weaknesses in the krb4
implementation permit the use of cut-and-paste attacks to fabricate
krb4 tickets for unauthorized client principals if triple-DES keys are
used to key krb4 services. These attacks can subvert a site's entire
Kerberos authentication infrastructure.
For the stable distribution (woody) this problem has been
fixed in version 1.1-8-2.3.
For the old stable distribution (potato) this problem has been
fixed in version 1.0-2.3.
For the unstable distribution (sid) this problem has been
fixed in version 1.2.2-1.
We recommend that you upgrade your krb4 packages immediately.
Solution: http://www.debian.org/security/2003/dsa-273
Threat Level: High