此内容没有您所选择的语言版本。

4.123. krb5-appl


Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link(s) associated with each description below.
The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC).

Security Fix

CVE-2011-4862
A buffer overflow flaw was found in the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root.
Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
For users who have installed the krb5-appl-servers package, have enabled the krb5 telnet daemon, and have it accessible remotely, this update should be applied immediately.
All krb5-appl-server users should upgrade to these updated packages, which contain a backported patch to correct this issue.
Updated krb5-appl packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The krb5-appl packages contain Kerberos-aware versions of clients and servers for the telnet, FTP, rsh, and rlogin protocols.

Bug Fixes

BZ#713459
Prior to this update, the default PAM configuration for the FTP server incorrectly attempted to use the pam_selinux.so module. As a result, users failed to log in. This update corrects the supplied configuration. Now, the FTP server works as expected.
BZ#713521
Prior to this update, the FTP server did not correctly parse lines in the /etc/ftpusers file which specified user names in combination with the "restrict" keyword. This update modifies the code so that the server parses the "restrict" keyword correctly.

Enhancement

BZ#665834, BZ#736364
Prior to this update, the command-line FTP client in the krb5-appl-clients package did not accept command lines longer than 500 characters. This update removes this limitation.
All users of krb5-appl are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Updated krb5-appl packages that fix one bug are now available for Red Hat Enterprise Linux 6.
The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and trusted third-party, the Key Distribution Center (KDC).

Bug Fix

BZ#816689
When executing either the "mdir" or "mls" command, the FTP client stores results returned by the server in a specified local file. Previously, when opening the file, the client did not ensure that the mode value it passed to the fopen() function was properly null-terminated. This could cause unpredictable failures. This update ensures that the value is properly null-terminated so that the failures no longer occur in this scenario.
All users of krb5-appl are advised to upgrade to these updated packages, which fix this bug.
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.