Updated krb5 packages fix vulnerabilities


mystified

Mandrakesoft Security Advisories

 

Package name: krb5

Date: August 31st, 2004

Advisory ID: MDKSA-2004:088

Affected versions: 9.1, 9.2, 10.0, MNF8.2, CS2.1

Synopsis: Updated krb5 packages fix multiple vulnerabilities

Problem Description

 

A double-free vulnerability exists in the MIT Kerberos 5 KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. In addition, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers vulnerable. The MIT Kerberos 5 development team believes that exploitation of these bugs would be difficult and no known vulnerabilities are believed to exist. The vulnerability in krb524d was discovered by Marc Horowitz; the other double-free vulnerabilities were discovered by Will Fiveash and Nico Williams at Sun.

 

Will Fiveash and Nico Williams also found another vulnerability in the ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of Service) attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.

 

The MIT Kerberos 5 team has provided patches which have been applied to the updated software to fix these issues. Mandrakesoft encourages all users to upgrade immediately.

 

 

Updated Packages

 

 

Mandrakelinux 9.1

Mandrakelinux 9.1/PPC

Mandrakelinux 9.2

Mandrakelinux 9.2/AMD64

Mandrakelinux 10.0

Mandrakelinux 10.0/AMD64

Multi Network Firewall 8.2

Corporate Server 2.1

Corporate Server 2.1/X86_64

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772

http://www.kb.cert.org/vuls/id/550464

http://www.kb.cert.org/vuls/id/795632

http://www.kb.cert.org/vuls/id/866472

http://www.kb.cert.org/vuls/id/350792

http://web.mit.edu/kerberos/advisories/MIT...002-dblfree.txt

http://web.mit.edu/kerberos/advisories/MIT...04-003-asn1.txt

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of
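
An added example, not part of the Mandrakesoft advisory: a POSIX shell wrapper around the `rpm --checksig` command given above that rejects a package unless a signature, and not only a digest, was verified. It assumes rpm reports a verified signature as a lowercase `gpg`/`pgp` token (older releases) or the word `signatures` (newer releases); the function names and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: require a verified signature from `rpm --checksig`,
# not only matching digests, before a package is installed.

# classify_checksig LINE -> prints signed-ok, digest-only or failed.
# Assumption: a verified signature shows up as a lowercase gpg/pgp token
# (older rpm) or as the word "signatures" (newer rpm).
classify_checksig() {
    line=$1
    case $line in
        *"NOT OK"*) echo failed; return 0 ;;
        *" OK") ;;
        *) echo failed; return 0 ;;
    esac
    tokens=${line##*: }            # result tokens after "file: "
    case " $tokens " in
        *" gpg "*|*" pgp "*|*" signatures "*) echo signed-ok ;;
        *) echo digest-only ;;     # unsigned: integrity only, no authenticity
    esac
}

# verify_rpms FILE... -> returns 0 only if every file is signed-ok.
verify_rpms() {
    bad=0
    for f in "$@"; do
        out=$(LC_ALL=C rpm --checksig "$f" 2>&1) && rc=0 || rc=$?
        verdict=$(classify_checksig "$out")
        if [ "$rc" -ne 0 ] || [ "$verdict" != signed-ok ]; then
            echo "REJECT $f ($verdict): $out" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample lines in the style of rpm output (not from a real run).
for sample in \
    'pkg.rpm: (sha1) dsa sha1 md5 gpg OK' \
    'pkg.rpm: sha1 md5 OK' \
    'pkg.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK'
do
    printf '%-12s %s\n' "$(classify_checksig "$sample")" "$sample"
done
```

Import the Mandrakelinux Security Team public key before running `verify_rpms`; without it a correctly signed package is reported as not OK and is rejected.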
