Thanks for all of the responses.

After some more research, several folks pointed out that the Retina scan report is a false positive due to the fact that Oracle has ported/modified a version of MIT's Kerberos to work with the operating system. The version of Kerberos that Retina is flagging is not what comes with Solaris. Retina finds Kerberos on the system and just assumes it's the MIT version.

Several people said to simply remove Kerberos, but some programs (telnet/rlogin) use libraries from the Kerberos package and they will stop working if Kerberos is removed.

Original question:

On 2/28/2012 2:04 PM, Clift, Tom CIV NSWCDD, K55 wrote:
> Not sure how many of you have to deal with Retina scans but it's a product
> that most military facilities use to scan systems and compare to a database of
> known vulnerabilities also called IAVAs and IAVBs.
>
> We have a few Solaris 10 systems that have the latest recommended patch sets
> and report an IAVB (2012-B-0002) which is a Kerberos vulnerability. The fix
> action is to upgrade Kerberos to version 1.8 or higher.
>
> I can't seem to find a way to upgrade Kerberos. I do see four Kerberos
> packages on my system: SUNWkdcr, SUNWkdcu, SUNWkrbr, SUNWkrbu.

Tom Clift
NSWCDD - K55
540-653-8023

Received on Wed Feb 29 05:16:00 2012