MDVSA-2010:054

Nom du paquet

pam_krb5

Date

2010-03-04

Advisory ID

MDVSA-2010:054

Affected versions

2009.0 x86_64 , MES5 i586 , 2009.1 i586 , 2009.0 i586 , 2009.1 x86_64 , MES5 x86_64

Problem description

Pam_krb5 2.2.14 through 2.3.4 generates different password prompts
depending on whether the user account exists, which allows remote
attackers to enumerate valid usernames (CVE-2009-1384).

This update provides the version 2.3.5 of pam_krb5, which is not
vulnerable to this issue.

Updated packages

2009.0 x86_64

 5e51454148dda7c08020265d2c38b8c2  2009.0/x86_64/pam_krb5-2.3.5-0.1mdv2009.0.x86_64.rpm 
 eec3b496e0d49cdf5acc2938e87d7be9  2009.0/SRPMS/pam_krb5-2.3.5-0.1mdv2009.0.src.rpm

MES5 i586

 81a267d32261fca0544deb4a41226fb8  mes5/i586/pam_krb5-2.3.5-0.1mdvmes5.i586.rpm 
 24dbd8d940e0d842577d3ce7f8c7ee00  mes5/SRPMS/pam_krb5-2.3.5-0.1eugeni2010.1.src.rpm

2009.1 i586

 7ee29d86ae8cf64ab1b9a2fa6d84e4de  2009.1/i586/pam_krb5-2.3.5-0.1mdv2009.1.i586.rpm 
 c032fb6b8490cb5c1898a333e4f8b07e  2009.1/SRPMS/pam_krb5-2.3.5-0.1mdv2009.1.src.rpm

2009.0 i586

 0d807317d9e0fd0d25b8cdfde550a813  2009.0/i586/pam_krb5-2.3.5-0.1mdv2009.0.i586.rpm 
 eec3b496e0d49cdf5acc2938e87d7be9  2009.0/SRPMS/pam_krb5-2.3.5-0.1mdv2009.0.src.rpm

2009.1 x86_64

 8a0ff5a977f141f1c494f316280966c5  2009.1/x86_64/pam_krb5-2.3.5-0.1mdv2009.1.x86_64.rpm 
 c032fb6b8490cb5c1898a333e4f8b07e  2009.1/SRPMS/pam_krb5-2.3.5-0.1mdv2009.1.src.rpm

MES5 x86_64

 8d5fa51d3bb8b9c1adb9b2f8e65a8885  mes5/x86_64/pam_krb5-2.3.5-0.1mdvmes5.x86_64.rpm 
 24dbd8d940e0d842577d3ce7f8c7ee00  mes5/SRPMS/pam_krb5-2.3.5-0.1eugeni2010.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384