Novell SASL GSSAPI Login Method 2.0.2 for NMAS 3.3.2.3

This document (5068560) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

Product	Status	Next Superceded By	Last Superceded By
Novell eDirectory 8.8.5	Obsolete	Novell SASL GSSAPI Login Method 2.8.3.1 for NMAS	Novell SASL GSSAPI Login Method 2.8.3.1 for NMAS

patch attributes

Architecture: x86, x86-64

Security patch: Yes

Priority: Mandatory

Distribution Type: Public

http://download.novell.com/Download?buildid=9Ddu8DuN63Q~

document

Revision: 5

Document ID: 5068560

Creation Date: 2010-02-16 18:55:03

Modified Date: 2011-06-02 17:50:56

abstract

This patch is an update to the GSSAPI method to resolve a security issue in Novell's older Kerberos KDC 1.5.

Platforms: Linux.

NOTE: DO NOT INSTALL THIS UPDATE ON AN OES LINUX SERVER!!!!

THE OES CHANNEL MUST BE USED TO UPDATE NMAS FOR OES SERVERS!!!!

The readme and platform install docs have been moved online. Please refer to this online document for the latest updated information for this patch.

File: gssapi.zip

MD5SUM: 24dd5e5122e4cce5643b5fd0c4e4b65a

details

ISSUES RESOLVED

- Security vulnerability in the crypto library of MIT Kerberos (Bug 573387) (CVE-2009-4212) (MITKRB5-SA-2009-004)
TID 7002100: http://www.novell.com/support/viewContent.do?externalId=7003100

To resolve this defect as reported by MIT Kerberos both Kerberos and the GSSAPI method must be updated.
Kerberos 1.5: http://download.novell.com/Download?buildid=i9_BmLPleO0~
GSSAPI method: http://download.novell.com/Download?buildid=9Ddu8DuN63Q~

For a list of all Novell Security Services patches and the issues resolved by them please refer to:
History of Issues Resolved for Novell Security Components
http://www.novell.com/support/viewContent.do?externalId=7005397

INSTALLATION:

The detailed instructions for adding NMAS methods are available in the NMAS Administration Guide, #http://www.novell.com/documentation/nmas33/admin/data/a49tuwk.html.

Adding/Updating the Method using nmasinst
1.Download and extract the contents of the method zip file into a temporary directory.
2.Install SASL GSSAPI NMAS method using nmasinst:
For exampe:
nmasinst -addmethod admin.novell TREE_NAME \
/path/to/GSSAPI/config.txt

Adding the Method using iManager (using NMAS plugin)
1.In iManager, navigate to Roles and Tasks > NMAS > NMAS Login Methods.
2.Click New.
3.Browse and select the method ZIP file and click Next.
4.Click Finish.
Updating the Method (if its previous version is installed already) using iManager
1.In iManager, navigate to Roles and Tasks > NMAS > NMAS Login Methods.
2.Select the GSSAPI method from the list of installed methods.
3.Click Update.
4.Browse and select the method ZIP file and click Next.
5.Click Finish.

security fixes

CVE-2009-4212
MITKRB5-SA-2009-004

file contents

Files Included	Size	Date
gssapi.zip	1.6 MB (1758697)	2010-02-16 18:24:49
readme_5068560.html	N/A	2011-06-02 17:50:58

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.