MITKRB5-SA-2009-002 - CVE-2009-0846 and Open Enterprise Server

  • 7003100
  • 24-Apr-2009
  • 27-Apr-2012


Novell Modular Authentication Service (NMAS)
Novell Open Enterprise Server 2 (OES 2)
Novell Open Enterprise Server (Linux based)
Novell Open Enterprise Server (NetWare based)


MITKRB5-SA-2009-002 - CVE-2009-0846 has been fixed in the following Open Enterprise Server rpoducts:

  • NKDC (novell-kerberos-base  1.5-32.4) in OES2.  (NKDC was discontinued in OES2 SP1 and beyond, so only fixed in SP0.)
  • Kerberos functionality (novell-xad-krb5 1.6.4842-0.4.1) in Domain Services for Windows OES2 SP1.  (DSfW first appeared in OES2 SP1, and didn't exist in earlier releases of OES.)


Security Alert

Bug Number

491146 492387

Additional Information

Details on CVE-2009-0846 should be reviewed @