Notified: October 24, 2002 Updated: November 06, 2002
Our MIT Kerberos 5 packages in Conectiva Linux 8 do contain the vulnerable kadmind4 daemon, but it is not used by default nor is it installed as a service. Updated packages are being uploaded to our ftp server and should be available in a few hours at: ftp://atualizacoes.conectiva.com.br/8/
The krb5-server-1.2.3-3U8_3cl.i386.rpm package contains a patched kadmind4 daemon. An announcement will be sent to our security mailing list a few hours after the upload is complete.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Conectiva Linux Announcement CLSA-2002:534 (English).