Package: openssh-krb5
Severity: important
Tags: security

CAN-2005-2798[1] reads:

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

Since GSSAPI features are enabled in openssh-krb5/ssh-krb5 and the source package tends to use older GSSAPI source, it is likely these binaries are vulnerable.

GSSAPI is disabled in the main openssh binary packages, but the bug is still present in the source (see #326065), so this separate bug is filed against this package.

Please mention this CAN number in any changelog entries that fix this issue.

1. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2798

-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

