%package ftp-client-krb5 ftp-server-krb5 krb5-server krb5-workstation lib64krb53 lib64krb53-devel telnet-client-krb5 telnet-server-krb5
Update: Tue Apr 10 10:26:02 2007
Importance: security
ID: MDKSA-2007:077-1
URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:077-1

%pre
A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker who could access the telnet port of a target machine could log in as root without requiring a password (CVE-2007-0956).

Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-0957).

Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes (CVE-2007-1216).

Updated packages have been patched to address these issues.

Update: Packages for Mandriva Linux 2007.1 are now available.

%description
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.