[FLSA-2005:154276] Updated krb5 packages fix security issues

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [FLSA-2005:154276] Updated krb5 packages fix security issues
From: Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
Date: Sun, 24 Jul 2005 10:53:21 -0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mozilla Thunderbird 1.0.6-1.1.fc4 (X11/20050720)

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated krb5 packages fix security issues
Advisory ID: FLSA:154276
Issue date: 2005-07-24
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-0523 CAN-2004-0642 CAN-2004-0643
CAN-2004-0644 CAN-2004-0772 CAN-2004-0971
CAN-2004-1189 CAN-2005-0468 CAN-2005-0469
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated Kerberos (krb5) packages that correct multiple security issues
are now available.

Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.

Note that some of these issues have already been fixed in Fedora Core 1.
Please refer to previous advisories for details.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Several buffer overflows were possible for all Kerberos versions up to
and including 1.3.3 in the krb5_aname_to_localname library function. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0523 to this issue.

Several double-free bugs were found in the Kerberos 5 KDC and libraries.
A remote attacker could potentially exploit these flaws to execuate
arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643
to these issues.

A double-free bug was also found in the krb524 server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0772 to this issue.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library.
A remote attacker may be able to trigger this flaw and cause a denial of
service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.

A heap based buffer overflow bug was found in the administration library
of Kerberos 1.3.5 and earlier. This bug could allow an authenticated
remote attacker to execute arbitrary commands on a realm's master
Kerberos KDC. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1189 to this issue.

Additionally a temporary file bug was found in the Kerberos krb5-send-pr
program. It is possible that an attacker could create a temporary file
that would allow an arbitrary file to be overwritten which the victim
has write access to. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0971 to this issue.

The krb5-workstation package includes a Kerberos-aware telnet client.
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468
and CAN-2005-0469 to these issues.

All users of krb5 should upgrade to these updated packages, which
contain backported security patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154276

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/krb5-1.2.4-16.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-devel-1.2.4-16.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-libs-1.2.4-16.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-server-1.2.4-16.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-workstation-1.2.4-16.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/krb5-1.2.7-38.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-devel-1.2.7-38.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-libs-1.2.7-38.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-server-1.2.7-38.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-workstation-1.2.7-38.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/krb5-1.3.4-5.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-devel-1.3.4-5.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-libs-1.3.4-5.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-server-1.3.4-5.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-workstation-1.3.4-5.3.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
---------------------------------------------------------------------

4fcc561d7f179fb0672b0f273043c272b790f423
redhat/7.3/updates/i386/krb5-devel-1.2.4-16.1.legacy.i386.rpm
07938a62bd7498733b3e535a381fe18223184eda
redhat/7.3/updates/i386/krb5-libs-1.2.4-16.1.legacy.i386.rpm
c81a4385ede484d89187d5836d49cacbc5655ee1
redhat/7.3/updates/i386/krb5-server-1.2.4-16.1.legacy.i386.rpm
568b4b641c2b9a54eafd14b4099bc72d49f02137
redhat/7.3/updates/i386/krb5-workstation-1.2.4-16.1.legacy.i386.rpm
4ee83ff2a6f0bd9bdbf0726ba2fd4acf6c5f43cc
redhat/7.3/updates/SRPMS/krb5-1.2.4-16.1.legacy.src.rpm
0111aeb1c5946f18e8a48d1d27d8493c919ca936
redhat/9/updates/i386/krb5-devel-1.2.7-38.3.legacy.i386.rpm
35141598dbb9c60e8cd0b3f06b23528ee526bb46
redhat/9/updates/i386/krb5-libs-1.2.7-38.3.legacy.i386.rpm
bcaf771e3de01b16e73327cc3643a2ebd4fda6dd
redhat/9/updates/i386/krb5-server-1.2.7-38.3.legacy.i386.rpm
4b4b056d4abc0d69c14e7df45fa3b02e76db48fb
redhat/9/updates/i386/krb5-workstation-1.2.7-38.3.legacy.i386.rpm
ddc2bdafbecf5801a7238187936fee99966efc65
redhat/9/updates/SRPMS/krb5-1.2.7-38.3.legacy.src.rpm
389b8b7b2b59b4363f941e22213be5794e3321a0
fedora/1/updates/i386/krb5-devel-1.3.4-5.3.legacy.i386.rpm
f0f7a0e7a002751d9ed19d2c573f9b332759ac00
fedora/1/updates/i386/krb5-libs-1.3.4-5.3.legacy.i386.rpm
8d685627a81c1cc51545e8d43db8c3f2acc4a520
fedora/1/updates/i386/krb5-server-1.3.4-5.3.legacy.i386.rpm
9aed15c515e7e319fe880b064ecc595565db6575
fedora/1/updates/i386/krb5-workstation-1.3.4-5.3.legacy.i386.rpm
d8f81d57720d1b4c4fc393778f82d7119aeb209c
fedora/1/updates/SRPMS/krb5-1.3.4-5.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

Attachment: signature.asc
Description: OpenPGP digital signature

Prev by Date: [FLSA-2005:152842] Updated lvm package fixes security issue
Next by Date: [ GLSA 200507-21 ] fetchmail: Buffer Overflow
Previous by thread: [FLSA-2005:152842] Updated lvm package fixes security issue
Next by thread: [ GLSA 200507-21 ] fetchmail: Buffer Overflow
Index(es):
- Date
- Thread