Environment
Novell Open Enterprise Server 2 (OES 2) Linux
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2
Situation
As per the disclosed facts in MITKRB5-SA-2010-007 the following services in OES2 are vulnerable if enabled:
* Novell KDC (NKDC)
* Kerberos functionality in Domain Services for Windows (DSfW)
* SASL-GSSAPI LDAP login method
* Novell KDC (NKDC)
* Kerberos functionality in Domain Services for Windows (DSfW)
* SASL-GSSAPI LDAP login method
Resolution
The vulnerabilies have been addressed addressed in January 2010 updates to the following versions:
- OES2 SP0
- OES2 SP1 (ix86)
- OES2 SP1 (x86_64)
- OES2 SP2 (ix86)
- OES2 SP2 (x86_64)
Status
Security AlertAdditional Information
NKDC was discontinued as of OES2 SP1
Domain Services for Windows (DSfW) is available in OES2 SP1 and later
OES2 SP3 included the fixes
Domain Services for Windows (DSfW) is available in OES2 SP1 and later
OES2 SP3 included the fixes