Apple Computer Inc. Affected

Notified:  June 02, 2004 Updated: May 10, 2005

Status

Affected

Vendor Statement

This is fixed in Security Update 2004-09-07, and further information is available from http://docs.info.apple.com/article.html?artnum=61798.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Conectiva Affected

Notified:  June 02, 2004 Updated: June 03, 2004

Status

Affected

Vendor Statement

We are currently testing updated kerberos packages for Conectiva Linux 8 and Conectiva Linux 9. They will be made available at http://distro2.conectiva.com.br/atualizacoes/ shortly.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc. Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Affected

Notified:  June 02, 2004 Updated: June 03, 2004

Status

Affected

Vendor Statement

It's a very low impact bug in aggrigate because the configuration is not the default and is poorly documented. This problem is present in the version of Kerberos in woody. Debian will release updated packages shortly.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

EMC Corporation Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Guardian Digital Inc. Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Heimdal Kerberos Project Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hitachi Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Unknown

Notified:  June 02, 2004 Updated: June 03, 2004

Status

Unknown

Vendor Statement

IBM eServer Platform Response For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be reffered to servsec@us.ibm.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Ingrian Networks Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

KTH Kerberos Development Team Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Not Affected

Notified:  June 02, 2004 Updated: June 03, 2004

Status

Not Affected

Vendor Statement

Microsoft's Kerberos 5 implementation is independent from MIT's and is not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MIT Kerberos Development Team Affected

Updated:  June 02, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see MIT krb5 Security Advisory 2004-001.

MontaVista Software Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nokia Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Novell Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SCO Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc. Not Affected

Notified:  June 02, 2004 Updated: June 03, 2004

Status

Not Affected

Vendor Statement

We do not ship the MIT Kerberos implementation. We ship Heimdal, which includes the mentioned function too but the Heimdal implementation of krb5_aname_to_localname() looks safe.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

tinysofa Affected

Updated:  June 03, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see TSSA-2004-009.

Trustix Secure Linux Affected

Updated:  June 03, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Trustix Secure Linux Security Advisory #2004-0032.

TurboLinux Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Unisys Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc. Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex Unknown

Updated:  June 03, 2004

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

WRQ Not Affected

Notified:  June 02, 2004 Updated: June 03, 2004

Status

Not Affected

Vendor Statement

The WRQ Reflection Kerberos Client is not subject to the krb5_aname_to_localname() vulnerabilities [VU#686862], because it contains client functionality only and does no mapping of principal name to username. WRQ recommends that users periodically check WRQ's "Security Updates and Reflection" Technical Note (http://support.wrq.com/techdocs/1708.html) for information on advisories or updates.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

View all 38 vendors View less vendors