MITKRB5-SA-2009-002 - CVE-2009-0846 and Open Enterprise Server

  • 7003100
  • 24-Apr-2009
  • 27-Apr-2012

Environment

Novell Modular Authentication Service (NMAS)
Novell Open Enterprise Server 2 (OES 2)
Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (NetWare based)

Situation

MITKRB5-SA-2009-002 - CVE-2009-0846 has been fixed in the following Open Enterprise Server rpoducts:

  • NKDC (novell-kerberos-base  1.5-32.4) in OES2.  (NKDC was discontinued in OES2 SP1 and beyond, so only fixed in SP0.)
  • Kerberos functionality (novell-xad-krb5 1.6.4842-0.4.1) in Domain Services for Windows OES2 SP1.  (DSfW first appeared in OES2 SP1, and didn't exist in earlier releases of OES.)

Status

Security Alert

Bug Number

491146 492387

Additional Information

Details on CVE-2009-0846 should be reviewed @ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846

Feedback service temporarily unavailable. For content questions or problems, please contact Support.