Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: May 09, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva has released Conectiva Security Announcement CLSA-2003:639 in response to this issue. Users are encouraged to review this announcement and apply the patches it refers to.
Notified: March 05, 2003 Updated: March 21, 2003
Unknown
Cray, Inc. may be vulnerable on their UNICOS and UNICOS/mk systems only. UNICOS/mp is not affected. SPR 725005 has been opened to investigate.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 31, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The Debian Project has released the following Debian Security Advisories in response to this issue: DSA-266 DSA-269 DSA-273 Users are encouraged to review these advisories and apply the patches they refer to.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 06, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: March 31, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The Gentoo development team has released the following Gentoo Linux Security Announcements in response to this issue: 200303-26 200303-28 Users are encouraged to review these bulletins and apply the patches they refer to.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: April 04, 2003
Not Affected
Hitachi's GR2000 gigabit router series - is NOT vulnerable. Hitachi's HI-UX/WE2 - is NOT vulnerable, because it does not support Kerberos V4.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 10, 2003
Not Affected
Ingrian Networks products are not succeptable to VU#623217 and VU#442569.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Not Affected
Kerberos does not ship with any Juniper product, so there is no vulnerability to these issues.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Not Affected
Kerberos does not ship with any Lotus product, so there is no vulnerability to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: April 01, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
MandrakeSoft has issued Mandrake Linux Security Update Advisory MDKSA-2003:043 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: March 05, 2003 Updated: March 20, 2003
Not Affected
Microsoft has investigated this issue and determined that our products are not vulnerable to the issues described in the report. Microsoft implementations are based on Kerberos 5
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: March 17, 2003
Affected
The MIT Kerberos development team has released MITKRB5-SA-2003-004 in response to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 04, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The NetBSD Project has released NetBSD Security Advisory 2003-006 in response to this issue. Users are encouraged to review this advisory and apply the patches that it refers to.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: April 02, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The OpenAFS development team has released OpenAFS Security Advisory 2003-001 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: March 05, 2003 Updated: March 24, 2003
Affected
There is a cryptographic weaknesses in the Kerberos v4 protocol (this is not something that is fixable in Kerberos v4). Sites still using Kerberos v4 should migrate to Kerberos v5. Kerberos v5 does not have this weakness, but since it contains v4 to v5 translation services it is still possible to exploit the v4 protocol defect. For more information, please see: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt The following patches cause Kerberos v4 requests from foreign realms to be ignored unless support for this is explicitly enabled. Patch for OpenBSD 3.1: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/026_kerberos.patch Patch for OpenBSD 3.2: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/013_kerberos.patch The aforementioned patches have already been applied to the 3.1 and 3.2 -stable branches.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: April 02, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat has issued Red Hat Security Advisories RHSA-2003:051 and RHSA-2003:091 in response to this issue. Users are encouraged to review these advisories and apply the patches they refer to.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: March 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: March 05, 2003 Updated: April 09, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
WireX Communications, Inc. has released Immunix Secured OS Security Advisory IMNX-2003-7+-007-01 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: March 05, 2003 Updated: May 09, 2003
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Xerox Corporation's reponse to this issue can be found at the following location http://a1851.g.akamaitech.net/f/1851/2996/24h/cache.xerox.com/downloads/usa/en/c/CERT_VU623217.pdf Users are encouraged to review this bulletin to determine if any of the Xerox products they employ are affected by this vulnerability.