MITKRB5-SA-2009-002 - CVE-2009-0846 and Open Enterprise Server

Document ID:7003100
Creation Date:24-Apr-2009
Modified Date:27-Apr-2012
- Micro Focus Products:
  Open Enterprise Server

Environment

Novell Modular Authentication Service (NMAS)
Novell Open Enterprise Server 2 (OES 2)
Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (NetWare based)

Situation

MITKRB5-SA-2009-002 - CVE-2009-0846 has been fixed in the following Open Enterprise Server rpoducts:

NKDC (novell-kerberos-base 1.5-32.4) in OES2. (NKDC was discontinued in OES2 SP1 and beyond, so only fixed in SP0.)
Kerberos functionality (novell-xad-krb5 1.6.4842-0.4.1) in Domain Services for Windows OES2 SP1. (DSfW first appeared in OES2 SP1, and didn't exist in earlier releases of OES.)

Status

Security Alert

Bug Number

491146 492387

Additional Information

Details on CVE-2009-0846 should be reviewed @ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846