Notified: July 21, 2004 Updated: May 10, 2005
Affected
This is fixed in Security Update 2004-12-02, and further information is available from http://docs.info.apple.com/article.html?artnum=61798.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 02, 2004
Not Affected
The CyberSafe products listed below are not vulnerable. CyberSafe Challenger 5.2.8 (this is the same code used within CISCO IOS) TrustBroker 2.0, 2.1 ActiveTRUST 3.0, 4.0 TrustBroker Application Security SDK & Runtime Library 3.1.0 TrustBroker Secure Client 4.1.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 03, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see DSA-543.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 03, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see FEDORA-2004-276 (Fedora Core 1) and FEDORA-2004-277 (Fedora Core 2).
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 03, 2004
Not Affected
Hitachi products are NOT affected by this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
IBM eServer Platform Response For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be reffered to servsec@us.ibm.com.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 03, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see MDKSA-2004:088.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 01, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see MITKRB5-SA-2004-002.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 03, 2004
Unknown
sent on September 3, 2003 [Server Products] Super computer SX operating system is NOT vulnerable. We are investigating other products of ours.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Affected
New krb5 packages are now available along with our advisory at the URLs below and by using the Red Hat Network 'up2date' tool. Please note that Red Hat Enterprise Linux 3 contained a fix for VU#350792 (CAN-2004-0772) from release, and for Red Hat Enterprise Linux 2.1 users this issue was fixed in a previous update, RHSA-2003:052. http://rhn.redhat.com/errata/RHSA-2004-448.html http://rhn.redhat.com/errata/RHSA-2004-350.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 03, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see TSL-2004-0045.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Not Affected
This vulnerability is not Applicable to VanDyke Software products. VanDyke Software products do not link to any static kerberos libraries. Instead, VanDyke Software products dynamically load shared libraries for GSSAPI related functionality. Due to the critical nature of this vulnerability in affected versions of MIT Kerberos, those using the GSSAPI authentication method for SSH2 authentication within an MIT Kerberos environment should install the patched version of MIT Kerberos immediately.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 21, 2004 Updated: September 02, 2004
Not Affected
The double-free memory management vulnerabilities VU#795632, VU#866472 and VU#550464, are not applicable to the WRQ Reflection Kerberos Client. WRQ Kerberos implementation uses Windows-based memory management routines and has been inspected to verify that this type of vulnerability is not present.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.