Mandriva Update For Pam_krb5 MDVSA-2010:054 (pam_krb5) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames (CVE-2009-1384). This update provides the version 2.3.5 of pam_krb5, which is not vulnerable to this issue.

Affected

pam_krb5 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2009-1384

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:139 (libtorrent-rasterbar)
Mandrake Security Advisory MDVSA-2009:017 (kdebase)
Mandrake Security Advisory MDVSA-2009:092 (ntp)
Mandrake Security Advisory MDVSA-2009:069 (curl)
Mandrake Security Advisory MDVSA-2009:002 (bind)

Mandriva Update for pam_krb5 MDVSA-2010:054 (pam_krb5)

Take action and discover your vulnerabilities