Environment
Novell Open Enterprise Server 2 (OES 2) Linux
Situation
As per the disclosed facts in MITKRB5-SA-2011-003 [CVE-2011-0284] no services in OES2 are vulnerable.
Resolution
N/A
Additional Information
Details of MITKRB5-SA-2011-003 can be found @ http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
Domain Services for Windows (DSfw) is the only component shipping Kerberos in OES2. The Kerberos version in DSfw is V1.6.3. This vulnerability affects KDC versions 1.7 and later.
Other components like Novell DNS (from OES) uses Kerberos libraries that are delivered by the DSfw component, so patching DSfw should will always suffice.
Domain Services for Windows (DSfw) is the only component shipping Kerberos in OES2. The Kerberos version in DSfw is V1.6.3. This vulnerability affects KDC versions 1.7 and later.
Other components like Novell DNS (from OES) uses Kerberos libraries that are delivered by the DSfw component, so patching DSfw should will always suffice.