CERT Vulnerability Note VU#875073

Kerberos administration daemon vulnerable to buffer overflow

Published: October 23, 2002
Source: www.kb.cert.org

Severity: 10 High (CVSS2)

CVSS2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

EPSS: 0.294 (Low), percentile 96.9%

Overview

Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.

Description

A remotely exploitable buffer overflow exists in the Kerberos administration daemon in both the MIT and KTH Kerberos implementations. The administration daemon handles requests for changes to the Kerberos database and runs on the master Key Distribution Center (KDC) of a Kerberos realm. The master KDC holds the authoritative copy of the Kerberos database, so it is a critical part of a site's Kerberos infrastructure. The overflow is triggered when the daemon parses an unchecked length value contained in an administrative request read from the network. No authentication is required to reach this code path, and the daemon runs with root privileges.

Further information is available in MIT krb5 Security Advisory 2002-002. MIT has also provided a description of the attack signature against kadmind4.

In the MIT Kerberos 5 distribution, kadmind4 is included to provide legacy support for Kerberos 4 administrative clients. In the KTH Kerberos 5 (Heimdal) distribution, kadmind can be compiled with Kerberos 4 support. Sites that run only Kerberos 5 may therefore still be running a vulnerable Kerberos administration daemon. Other implementations derived from MIT Kerberos 4 are likely to be affected, and many operating systems include Kerberos code from MIT or KTH.
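The defect class described above, a length field read off the wire and trusted by the copy that follows, is shown here beside its checked form. This is an added illustration written for this page; it is not the kadmind4 source and not code from MIT or KTH. The request layout (a 2-byte big-endian length followed by that many bytes), the 64-byte on-stack buffer and every function name are assumptions made for the example.

```c
/*
 * Added illustration of the bug class in this note: a daemon that copies a
 * length-prefixed field from a network request into a fixed-size stack
 * buffer using the length the sender supplied. NOT the kadmind4 source.
 * Request layout, buffer size and function names are assumptions.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64   /* assumed size of the on-stack destination buffer */

enum parse_status { PARSE_OK = 0, PARSE_SHORT = 1, PARSE_TOO_LONG = 2 };

/* Reads the assumed 2-byte big-endian length prefix. */
static uint16_t wire_len(const uint8_t *req)
{
    return (uint16_t)((req[0] << 8) | req[1]);
}

/*
 * Vulnerable pattern: memcpy() trusts the declared length, so a request
 * claiming more than NAME_BUF bytes writes past 'out' on the stack.
 * Kept only to show the shape of the defect; never feed it untrusted data.
 */
static int copy_name_unchecked(const uint8_t *req, size_t req_len, char *out)
{
    if (req_len < 2)
        return PARSE_SHORT;
    uint16_t len = wire_len(req);
    memcpy(out, req + 2, len);   /* no comparison against the buffer size */
    out[len] = '\0';
    return PARSE_OK;
}

/*
 * Hardened form: the declared length is checked against the destination
 * buffer (leaving room for the terminator) and against the number of bytes
 * actually received, before anything is copied.
 */
static int copy_name_checked(const uint8_t *req, size_t req_len,
                             char *out, size_t out_size)
{
    if (req_len < 2)
        return PARSE_SHORT;
    uint16_t len = wire_len(req);
    if ((size_t)len >= out_size)
        return PARSE_TOO_LONG;   /* would overflow 'out' */
    if ((size_t)len > req_len - 2)
        return PARSE_SHORT;      /* claims more bytes than arrived */
    memcpy(out, req + 2, len);
    out[len] = '\0';
    return PARSE_OK;
}

/* Constructed sample requests (not captured traffic). */
static const uint8_t REQ_GOOD[]  = { 0x00, 0x05, 'a', 'd', 'm', 'i', 'n' };
static const uint8_t REQ_TRUNC[] = { 0x00, 0x10, 'a', 'b' }; /* claims 16, sends 2 */

/* Status of the hardened routine on the well-formed request. */
int demo_good_status(void)
{
    char name[NAME_BUF];
    return copy_name_checked(REQ_GOOD, sizeof REQ_GOOD, name, sizeof name);
}

/* 1 if the hardened routine recovered the expected name. */
int demo_good_name_ok(void)
{
    char name[NAME_BUF];
    copy_name_checked(REQ_GOOD, sizeof REQ_GOOD, name, sizeof name);
    return strcmp(name, "admin") == 0;
}

/* 1 if the unchecked routine agrees on benign input: the bug is invisible
 * to ordinary traffic, which is why it survives in production. */
int demo_unchecked_same_on_good(void)
{
    char name[NAME_BUF];
    copy_name_unchecked(REQ_GOOD, sizeof REQ_GOOD, name);
    return strcmp(name, "admin") == 0;
}

/* Builds a request that declares 300 bytes and really carries them, the
 * shape that would smash the 64-byte buffer in the unchecked version, and
 * returns the hardened routine's status for it. */
int demo_oversized_status(void)
{
    uint8_t req[2 + 300];
    req[0] = 300 >> 8;           /* 0x01 */
    req[1] = 300 & 0xff;         /* 0x2c */
    memset(req + 2, 'A', 300);
    char name[NAME_BUF];
    return copy_name_checked(req, sizeof req, name, sizeof name);
}

/* Hardened routine's status for a request cut short on the wire. */
int demo_truncated_status(void)
{
    char name[NAME_BUF];
    return copy_name_checked(REQ_TRUNC, sizeof REQ_TRUNC, name, sizeof name);
}

int main(void)
{
    printf("good=%d oversized=%d truncated=%d\n", demo_good_status(),
           demo_oversized_status(), demo_truncated_status());
    return 0;
}
```

The checked routine rejects the 300-byte request before any copy takes place, and separately rejects a request whose declared length exceeds what was actually read, so a short read can never become an over-read of the receive buffer. Both checks are needed; a bound against the destination alone still lets the daemon copy bytes it never received.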


Impact

An unauthenticated, remote attacker could execute arbitrary code with root privileges.


Solution

Patch or Upgrade

Apply the appropriate patch or upgrade as specified by your vendor.


Disable Vulnerable Service

If it is not needed, disable Kerberos 4 support. In MIT Kerberos 5, do not run kadmind4. In KTH Heimdal, build kadmind without Kerberos 4 support. This prevents only Kerberos 4 administrative clients from accessing the Kerberos database.

Block or Restrict Access

Block access to the Kerberos administration server from untrusted networks such as the Internet. Furthermore, only allow access to the server from trusted administrative hosts. The assigned port for the Kerberos 4 administrative protocol is 751/tcp and 751/udp; however, this may be configured differently. It may also be necessary to block access to Kerberos 5 administration daemons that support the Kerberos 4 administration protocol. The assigned port for the Kerberos 5 administrative protocol is 749/tcp and 749/udp. Again, this may be configured differently. Note that this workaround will not prevent exploitation, but it will limit the possible sources of attacks.


Vendor Information


Apple Computer Inc.: Affected

Notified: October 24, 2002 Updated: October 30, 2002

Status

Affected

Vendor Statement

The Kerberos Administration Daemon was included in Mac OS X 10.0, but removed in Mac OS X 10.1 and later.

We encourage sites that use vulnerable Kerberos distributions to verify the integrity of their systems and apply patches or upgrade as appropriate.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email (subject: VU#875073 Feedback).

Conectiva: Affected

Notified: October 24, 2002 Updated: November 06, 2002

Status

Affected

Vendor Statement

Our MIT Kerberos 5 packages in Conectiva Linux 8 do contain the vulnerable kadmind4 daemon, but it is not used by default nor is it installed as a service.

Updated packages are being uploaded to our ftp server and should be available in a few hours at:
<ftp://atualizacoes.conectiva.com.br/8/>
The krb5-server-1.2.3-3U8_3cl.i386.rpm package contains a patched kadmind4 daemon. An announcement will be sent to our security mailing list a few hours after the upload is complete.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Conectiva Linux Announcement CLSA-2002:534 (English).

Debian: Affected

Notified: October 24, 2002 Updated: November 08, 2002

Status

Affected

Vendor Statement

Please reference Debian Security Advisories DSA-183 (krb5), DSA-184 (krb4), and DSA-185 (Heimdal).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

In the initial (2002-10-25) version of CERT Advisory CA-2002-29, we mistakenly included a reference to Debian Security Advisory DSA-178. This was an error, DSA-178 does not address the vulnerability described in CA-2002-29 and VU#875073. Debian Security Advisory DSA-185 includes the Heimdal fixes in DSA-178 in addition to the fix for the vulnerability described in CA-2002-29 and VU#875073.

FreeBSD: Affected

Notified: October 24, 2002 Updated: November 13, 2002

Status

Affected

Vendor Statement

Both the FreeBSD base Kerberos 4 (kadmind) and Kerberos 5 (k5admind v4 compatibility) daemons were vulnerable and have been corrected as of 23 October 2002. In addition, the heimdal and krb5 ports contained the same vulnerability and have been corrected as of 24 October 2002. A Security Advisory is in progress.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see FreeBSD-SA-02:40.kadmind.

Gentoo Linux: Affected

Updated: November 08, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200210-011
- - --------------------------------------------------------------------

PACKAGE : krb5
SUMMARY : buffer overflow
DATE    : 2002-10-28 14:10 UTC
EXPLOIT : remote

- - --------------------------------------------------------------------

A stack buffer overflow in the implementation of the Kerberos v4
compatibility administration daemon (kadmind4) in the MIT krb5
distribution can be exploited to gain unauthorized root access to a
KDC host. The attacker does not need to authenticate to the daemon to
successfully perform this attack. At least one exploit is known to
exist in the wild, and at least one attacker is reasonably competent
at cleaning up traces of intrusion.

Read the full advisory at
<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt>

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-crypt/krb5 and earlier update their systems as follows:

emerge rsync
emerge krb5
emerge clean

- - --------------------------------------------------------------------
[email protected] - GnuPG key is available at www.gentoo.org/~aliz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vUr1fT7nyhUpoZMRAhvRAJ9zxSpTuroJ57RA9lVFegHfCODgkgCbBGRb
4qBVkt0y6Ndn9pVFt0zrplo=
=SacS
-----END PGP SIGNATURE-----

Hewlett-Packard Company: Affected

Notified: October 24, 2002 Updated: February 14, 2003

Status

Affected

Vendor Statement

Source: Hewlett-Packard Company Software Security Response Team

RE: CERT VU#875073 CA-2002-29
cross reference id: SSRT2396

HP’s implementation for the following Operating Systems Software are not affected by this potential buffer overflow vulnerability in the kadmind4 daemon.

HP-UX
HP-MPE/ix
HP Tru64 UNIX
HP OpenVMS
HP NonStop Servers
To report potential security vulnerabilities in HP software, send an E-mail message to: [email protected]

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

HP Secure OS Software for Linux is affected (HPSBTL0211-077).

IBM: Affected

Notified: October 24, 2002 Updated: February 14, 2003

Status

Affected

Vendor Statement

The IBM pSeries Parallel Systems Support Programs (PSSP) implementation of Kerberos V4 (shipped with PSSP) is potentially vulnerable to the Kerberos V4 administration daemon buffer overflow described in CA-2002-29. For more information, see:

<http://techsupport.services.ibm.com/server/nav?fetch=/spflashes/home.html>
Click on the Service Flash for “Potential Kerberos V4 security vulnerability.” This link also contains APAR numbers and solution information.

The IBM Network Authentication Service (NAS) product is not vulnerable to the buffer overflow vulnerability in the kadmind4 daemon. NAS is currently at release 1.3 and is available from the AIX Expansion Pack. The kadmind4 daemon is not part of the NAS product.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

It is possible that PSSP and other IBM and third-party applications using DCE/Kerberos 5 may be vulnerable if they support Kerberos 4 administration.

KTH Kerberos: Affected

Notified: October 24, 2002 Updated: October 30, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

KTH has released updated versions of eBones (Kerberos 4) and Heimdal (Kerberos 5).

MIT Kerberos Development Team: Affected

Notified: October 24, 2002 Updated: October 30, 2002

Status

Affected

Vendor Statement

MIT has released MIT krb5 Security Advisory 2002-002.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft: Affected

Notified: October 24, 2002 Updated: November 08, 2002

Status

Affected

Vendor Statement

Please reference MandrakeSoft Security Advisory MDKSA-2002:073.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD: Affected

Notified: October 24, 2002 Updated: October 30, 2002

Status

Affected

Vendor Statement

Please see NetBSD-SA2002-026.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD: Affected

Notified: October 24, 2002 Updated: November 08, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please reference Security Fix 001 for OpenBSD 3.2, Security Fix 016 for OpenBSD 3.1, and Security Fix 033 for OpenBSD 3.0.

Red Hat Inc.: Affected

Notified: October 24, 2002 Updated: November 07, 2002

Status

Affected

Vendor Statement

Releases of Red Hat Linux version 6.2 and higher include versions of MIT Kerberos that are vulnerable to this issue; however the vulnerable administration server, kadmind4, has never been enabled by default. We are currently working on producing errata packages. When complete these will be available along with our advisory at the URL below. At the same time users of the Red Hat Network will be able to update their systems using the ‘up2date’ tool.

<http://rhn.redhat.com/errata/RHSA-2002-242.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sorceror Linux: Affected

Updated: February 14, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

<http://online.securityfocus.com/archive/1/297604/2002-10-22/2002-10-28/2>

BSDI: Not Affected

Notified: October 24, 2002 Updated: October 24, 2002

Status

Not Affected

Vendor Statement

No version of BSD/OS is vulnerable to this problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc.: Not Affected

Notified: October 24, 2002 Updated: November 08, 2002

Status

Not Affected

Vendor Statement

Cray, Inc. is not vulnerable as the Kerberos administration daemon is not included in any of our operating systems.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation: Not Affected

Notified: October 24, 2002 Updated: October 30, 2002

Status

Not Affected

Vendor Statement

Microsoft’s implementation of Kerberos is not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux: Not Affected

Notified: October 24, 2002 Updated: October 30, 2002

Status

Not Affected

Vendor Statement

Openwall GNU/*/Linux is not vulnerable. We don’t provide Kerberos.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc.: Not Affected

Notified: October 24, 2002 Updated: October 30, 2002

Status

Not Affected

Vendor Statement

SuSE Linux 7.2 and later are shipped with Heimdal Kerberos included, but Kerberos 4 support is disabled in all releases. Therefore, SuSE Linux and SuSE Enterprise Linux are not affected by this bug.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

In the initial (emailed) version of CERT Advisory CA-2002-29, we mistakenly included a reference to SuSE Security Announcement SuSE-SA:2002:034. This was an error; SuSE-SA:2002:034 does not address the vulnerability described in CA-2002-29 and VU#875073.

Sun Microsystems Inc.: Not Affected

Notified: October 24, 2002 Updated: November 08, 2002

Status

Not Affected

Vendor Statement

The Sun Enterprise Authentication Mechanism (SEAM), Sun’s implementation of the Kerberos v5 protocols, is not affected by this issue. SEAM does not include support for the Kerberos v4 protocols and kadmind4 does not exist. Additional information regarding SEAM is available from:

<http://wwws.sun.com/software/security/kerberos/>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xerox: Not Affected

Notified: October 24, 2002 Updated: February 25, 2003

Status

Not Affected

Vendor Statement

A response to this advisory is available from our web site:

http://www.xerox.com/security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.


Vendors with status Unknown

The following 25 vendors were notified October 24, 2002 (entries last updated October 30, 2002). For each of them the note records the same text: "We have not received a statement from the vendor. The vendor has not provided us with any further information regarding this vulnerability. The CERT/CC has no additional comments at this time."

AT&T
Alcatel
Avaya
Cisco Systems Inc.
Computer Associates
D-Link Systems
Data General
F5 Networks
Fujitsu
Guardian Digital Inc.
Intel
Juniper Networks
Lucent
MontaVista Software
Multinet
NEC Corporation
Network Appliance
Nortel Networks
SGI
Sequent
Sony Corporation
The SCO Group
Unisphere Networks
Unisys
Wirex

Acknowledgements

The CERT/CC thanks the MIT and KTH Kerberos development teams for information used in this document.

This document was written by Art Manion.

Other Information

CVE IDs: CVE-2002-1235
CERT Advisory: CA-2002-29
Severity Metric: 10 High