3Com

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apple Computer Inc.

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

AT&T

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Avaya

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BSDI

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems Inc.

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Conectiva

Notified:  March 05, 2003 Updated: May 09, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Conectiva has released Conectiva Security Announcement CLSA-2003:639 in response to this issue. Users are encouraged to review this announcement and apply the patches it refers to.

Cray Inc.

Notified:  March 05, 2003 Updated: March 21, 2003

Status

  Unknown

Vendor Statement

Cray, Inc. may be vulnerable on their UNICOS and UNICOS/mk systems only. UNICOS/mp is not affected. SPR 725005 has been opened to investigate.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian

Notified:  March 05, 2003 Updated: March 31, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Debian Project has released the following Debian Security Advisories in response to this issue: DSA-266 DSA-269 DSA-273 Users are encouraged to review these advisories and apply the patches they refer to.

D-Link Systems

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F5 Networks

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Foundry Networks Inc.

Notified:  March 05, 2003 Updated: March 06, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu

Notified:  March 05, 2003 Updated: March 21, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Gentoo Linux

Updated:  March 31, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Gentoo development team has released the following Gentoo Linux Security Announcements in response to this issue: 200303-26 200303-28 Users are encouraged to review these bulletins and apply the patches they refer to.

Guardian Digital Inc.

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hitachi

Notified:  March 05, 2003 Updated: April 04, 2003

Status

  Not Vulnerable

Vendor Statement

Hitachi's GR2000 gigabit router series - is NOT vulnerable. Hitachi's HI-UX/WE2 - is NOT vulnerable, because it does not support Kerberos V4.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM-zSeries

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Ingrian Networks

Notified:  March 05, 2003 Updated: March 10, 2003

Status

  Not Vulnerable

Vendor Statement

Ingrian Networks products are not succeptable to VU#623217 and VU#442569.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intel

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Not Vulnerable

Vendor Statement

Kerberos does not ship with any Juniper product, so there is no vulnerability to these issues.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

KTH Kerberos

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lotus Software

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Not Vulnerable

Vendor Statement

Kerberos does not ship with any Lotus product, so there is no vulnerability to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Technologies

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft

Notified:  March 05, 2003 Updated: April 01, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

MandrakeSoft has issued Mandrake Linux Security Update Advisory MDKSA-2003:043 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Microsoft Corporation

Notified:  March 05, 2003 Updated: March 20, 2003

Status

  Not Vulnerable

Vendor Statement

Microsoft has investigated this issue and determined that our products are not vulnerable to the issues described in the report. Microsoft implementations are based on Kerberos 5

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MiT Kerberos Development Team

Updated:  March 17, 2003

Status

  Vulnerable

Vendor Statement

The MIT Kerberos development team has released MITKRB5-SA-2003-004 in response to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Multi-Tech Systems Inc.

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD

Updated:  April 04, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The NetBSD Project has released NetBSD Security Advisory 2003-006 in response to this issue. Users are encouraged to review this advisory and apply the patches that it refers to.

NETBSD

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetScreen

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NeXT

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nokia

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenAFS

Notified:  March 05, 2003 Updated: April 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The OpenAFS development team has released OpenAFS Security Advisory 2003-001 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

OpenBSD

Notified:  March 05, 2003 Updated: March 24, 2003

Status

  Vulnerable

Vendor Statement

There is a cryptographic weaknesses in the Kerberos v4 protocol (this is not something that is fixable in Kerberos v4). Sites still using Kerberos v4 should migrate to Kerberos v5. Kerberos v5 does not have this weakness, but since it contains v4 to v5 translation services it is still possible to exploit the v4 protocol defect. For more information, please see: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt The following patches cause Kerberos v4 requests from foreign realms to be ignored unless support for this is explicitly enabled. Patch for OpenBSD 3.1: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/026_kerberos.patch Patch for OpenBSD 3.2: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/013_kerberos.patch The aforementioned patches have already been applied to the 3.1 and 3.2 -stable branches.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux

Notified:  March 05, 2003 Updated: March 21, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Redback Networks Inc.

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc.

Notified:  March 05, 2003 Updated: April 02, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Red Hat has issued Red Hat Security Advisories RHSA-2003:051 and RHSA-2003:091 in response to this issue. Users are encouraged to review these advisories and apply the patches they refer to.

Riverstone Networks

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc.

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc.

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO Linux)

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO UnixWare)

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc.

Notified:  March 05, 2003 Updated: March 17, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex

Notified:  March 05, 2003 Updated: April 09, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

WireX Communications, Inc. has released Immunix Secured OS Security Advisory IMNX-2003-7+-007-01 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

Xerox

Notified:  March 05, 2003 Updated: May 09, 2003

Status

  Not Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Xerox Corporation's reponse to this issue can be found at the following location http://a1851.g.akamaitech.net/f/1851/2996/24h/cache.xerox.com/downloads/usa/en/c/CERT_VU623217.pdf Users are encouraged to review this bulletin to determine if any of the Xerox products they employ are affected by this vulnerability.

View all 56 vendors View less vendors