3

Ubuntu: 940-2: Kerberos vulnerability

view full story
linux-howto

http://www.linuxsecurity.com – LinuxSecurity.com: USN-940-1 fixed vulnerabilities in Kerberos. This update provides thecorresponding updates for Ubuntu 10.04. [More...] (Security)

robot1's picture
Submitted by robot1 on 07/21/2010 – Made popular on 07/21/2010

Stories similar to Ubuntu: 940-2: Kerberos vulnerability

LinuxSecurity.com: It was discovered that Kerberos did not correctly free memory in theGSSAPI and kdb libraries. If a remote attacker were able to manipulatean application using these libraries carefully, the service couldcrash, leading to a denial of service. (Only Ubuntu 6.06 LTS wasaffected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) [More...]

I'm trying to test a Kerberos-based SSO solution for our Java app. Unfortunately, I don't have a Windows domain at my disposal to do so.

Kerberos & localhost 1 year 2 weeks ago

I've got a Kerberos v5 server set up on a Linux machine, and it's working very well when connecting to other hosts (using samba, ldap or ssh), for which there are principals in my kerberos database.

Can I use kerberos to authenticate against localhost though? And if I can, are there reasons why I shouldn't? I haven't made a kerberos principal for localhost.

i've been having issues where calls to the LogonUser Windows API function is falling back to NTLM authentication, rather than using the preferred, default, Kerberos authentication.

Researching the problem, a guy has a suggestion:

The thing to do is to figure out why the code is using NTLM instead of Kerberos in the first place since Kerberos is the default and to try to see if it can be

Public Key Auth + Kerberos 1 year 1 week ago

I've setup public key authentication for ssh'ing into my university machine. However, it only logs me in on the local machine and doesn't give me Kerberos credentials which I need for accessing my network folder.

Mandriva: 2010:071: krb5 3 years 9 weeks ago

LinuxSecurity.com: A vulnerability has been found and corrected in krb5: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a [More...]

I have a web application (hostname: service.domain.com) and I wish to use Kerberos authentication to identify users that are logged into a Windows domain. Microsoft AD (Windows Server 2008 R2) is providing the Kerberos service.

The service is a Java web application using Spring Security Kerberos extension library to implement SPNEGO/Kerberos protocol.

Hi ,

I tried to configure nis with kerberos authentication, and i think i configured my server correctly coz i already configured nis with kerberos earlier and it was working fine but not today i getting error.

question about kerberos 2 weeks 5 days ago

I configured kerberos on a debian box and tried using MIT kerberos for windows to log in. I get the following error:

Code: cannot resolve network address for kdc in requested realm I don't have a DNS server set up but though maybe the hosts file would handle any problems resolving hostname to ip address. Do I need DNS?