Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

IBM Information for VU#875073

Date Notified10/24/2002
Date Modified02/26/2003 01:06:56 PM
Status SummaryVulnerable

Vendor Statement

The IBM pSeries Parallel Systems Support Programs (PSSP) implementation of Kerberos V4 (shipped with PSSP) is potentially vulnerable to the Kerberos V4 administration daemon buffer overflow described in CA-2002-29. For more information, see:

http://techsupport.services.ibm.com/server/nav?fetch=/spflashes/home.html
Click on the Service Flash for "Potential Kerberos V4 security vulnerability." This link also contains APAR numbers and solution information.

The IBM Network Authentication Service (NAS) product is not vulnerable to the buffer overflow vulnerability in the kadmind4 daemon. NAS is currently at release 1.3 and is available from the AIX Expansion Pack. The kadmind4 daemon is not part of the NAS product.

US-CERT Addendum

It is possible that PSSP and other IBM and third-party applications using DCE/Kerberos 5 may be vulnerable if they support Kerberos 4 administration.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information