검색

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

4.123. krb5-appl

download PDF
Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below.
The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).

Security Fix

CVE-2011-4862
A buffer overflow flaw was found in the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root.
Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
For users who have installed the krb5-appl-servers package, have enabled the krb5 telnet daemon, and have it accessible remotely, this update should be applied immediately.
All krb5-appl-server users should upgrade to these updated packages, which contain a backported patch to correct this issue.
Updated krb5-appl packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The krb5-appl packages contain Kerberos-aware versions of clients and servers for the telnet, FTP, rsh, and rlogin protocols.

Bug Fixes

BZ#713459
Prior to this update, the default PAM configuration for the FTP server incorrectly attempted to use the pam_selinux.so module. As a result, users failed to log in. This update corrects the supplied configuration. Now, the FTP server works as expected.
BZ#713521
Prior to this update, the FTP server did not correctly parse lines in the /etc/ftpusers file which specified user names in combination with the "restrict" keyword. This update modifies the code so that the server parses the "restrict" keyword correctly.

Enhancement

BZ#665834, BZ#736364
Prior to this update, the command-line FTP client in the krb5-appl-clients package did not accept command lines longer than 500 characters. This update removes this limitation.
All users of krb5-appl are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Updated krb5-appl packages that fix one bug are now available for Red Hat Enterprise Linux 6.
The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and trusted third-party, the Key Distribution Center (KDC).

Bug Fix

BZ#816689
When executing either the "mdir" or "mls" command, the FTP client stores results returned by the server in a specified local file. Previously, when opening the file, the client did not ensure that the mode value it passed to the fopen() function was properly null-terminated. This could cause unpredictable failures. This update ensures that the value is properly null-terminated so that the failures no longer occur in this scenario.
All users of krb5-appl are advised to upgrade to these updated packages, which fix this bug.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.