[ MDKSA-2007:077 ] - Updated krb5 packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:077
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : April 4, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in the username handling of the MIT krb5
telnet daemon. A remote attacker who could access the telnet port
of a target machine could log in as root without requiring a password
(CVE-2007-0956).

Buffer overflows in the kadmin server daemon were discovered that could
be exploited by a remote attacker able to access the KDC. Successful
exploitation could allow for the execution of arbitrary code with the
privileges of the KDC or kadmin server processes (CVE-2007-0957).

Finally, a double-free flaw was discovered in the GSSAPI library used
by the kadmin server daemon, which could lead to a denial of service
condition or the execution of arbitrary code with the privileges of
the KDC or kadmin server processes (CVE-2007-1216).

Updated packages have been patched to address these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
2006.0/i586/ftp-client-krb5-1.4.2-2.2.20060mdk.i586.rpm
2006.0/i586/ftp-server-krb5-1.4.2-2.2.20060mdk.i586.rpm
2006.0/i586/krb5-server-1.4.2-2.2.20060mdk.i586.rpm
2006.0/i586/krb5-workstation-1.4.2-2.2.20060mdk.i586.rpm
2006.0/i586/libkrb53-1.4.2-2.2.20060mdk.i586.rpm
2006.0/i586/libkrb53-devel-1.4.2-2.2.20060mdk.i586.rpm
2006.0/i586/telnet-client-krb5-1.4.2-2.2.20060mdk.i586.rpm
2006.0/i586/telnet-server-krb5-1.4.2-2.2.20060mdk.i586.rpm
2006.0/SRPMS/krb5-1.4.2-2.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
2006.0/x86_64/ftp-client-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
2006.0/x86_64/ftp-server-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
2006.0/x86_64/krb5-server-1.4.2-2.2.20060mdk.x86_64.rpm
2006.0/x86_64/krb5-workstation-1.4.2-2.2.20060mdk.x86_64.rpm
2006.0/x86_64/lib64krb53-1.4.2-2.2.20060mdk.x86_64.rpm
2006.0/x86_64/lib64krb53-devel-1.4.2-2.2.20060mdk.x86_64.rpm
2006.0/x86_64/telnet-client-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
2006.0/x86_64/telnet-server-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
2006.0/SRPMS/krb5-1.4.2-2.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
2007.0/i586/ftp-client-krb5-1.4.3-6.1mdv2007.0.i586.rpm
2007.0/i586/ftp-server-krb5-1.4.3-6.1mdv2007.0.i586.rpm
2007.0/i586/krb5-server-1.4.3-6.1mdv2007.0.i586.rpm
2007.0/i586/krb5-workstation-1.4.3-6.1mdv2007.0.i586.rpm
2007.0/i586/libkrb53-1.4.3-6.1mdv2007.0.i586.rpm
2007.0/i586/libkrb53-devel-1.4.3-6.1mdv2007.0.i586.rpm
2007.0/i586/telnet-client-krb5-1.4.3-6.1mdv2007.0.i586.rpm
2007.0/i586/telnet-server-krb5-1.4.3-6.1mdv2007.0.i586.rpm
2007.0/SRPMS/krb5-1.4.3-6.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
2007.0/x86_64/ftp-client-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
2007.0/x86_64/ftp-server-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
2007.0/x86_64/krb5-server-1.4.3-6.1mdv2007.0.x86_64.rpm
2007.0/x86_64/krb5-workstation-1.4.3-6.1mdv2007.0.x86_64.rpm
2007.0/x86_64/lib64krb53-1.4.3-6.1mdv2007.0.x86_64.rpm
2007.0/x86_64/lib64krb53-devel-1.4.3-6.1mdv2007.0.x86_64.rpm
2007.0/x86_64/telnet-client-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
2007.0/x86_64/telnet-server-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
2007.0/SRPMS/krb5-1.4.3-6.1mdv2007.0.src.rpm
Corporate 3.0:
corporate/3.0/i586/ftp-client-krb5-1.3-6.8.C30mdk.i586.rpm
corporate/3.0/i586/ftp-server-krb5-1.3-6.8.C30mdk.i586.rpm
corporate/3.0/i586/krb5-server-1.3-6.8.C30mdk.i586.rpm
corporate/3.0/i586/krb5-workstation-1.3-6.8.C30mdk.i586.rpm
corporate/3.0/i586/libkrb51-1.3-6.8.C30mdk.i586.rpm
corporate/3.0/i586/libkrb51-devel-1.3-6.8.C30mdk.i586.rpm
corporate/3.0/i586/telnet-client-krb5-1.3-6.8.C30mdk.i586.rpm
corporate/3.0/i586/telnet-server-krb5-1.3-6.8.C30mdk.i586.rpm
corporate/3.0/SRPMS/krb5-1.3-6.8.C30mdk.src.rpm
Corporate 3.0/X86_64:
corporate/3.0/x86_64/ftp-client-krb5-1.3-6.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/ftp-server-krb5-1.3-6.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/krb5-server-1.3-6.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/krb5-workstation-1.3-6.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/lib64krb51-1.3-6.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/lib64krb51-devel-1.3-6.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/telnet-client-krb5-1.3-6.8.C30mdk.x86_64.rpm
corporate/3.0/x86_64/telnet-server-krb5-1.3-6.8.C30mdk.x86_64.rpm
corporate/3.0/SRPMS/krb5-1.3-6.8.C30mdk.src.rpm
Corporate 4.0:
corporate/4.0/i586/ftp-client-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
corporate/4.0/i586/ftp-server-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
corporate/4.0/i586/krb5-server-1.4.3-5.2.20060mlcs4.i586.rpm
corporate/4.0/i586/krb5-workstation-1.4.3-5.2.20060mlcs4.i586.rpm
corporate/4.0/i586/libkrb53-1.4.3-5.2.20060mlcs4.i586.rpm
corporate/4.0/i586/libkrb53-devel-1.4.3-5.2.20060mlcs4.i586.rpm
corporate/4.0/i586/telnet-client-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
corporate/4.0/i586/telnet-server-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
corporate/4.0/SRPMS/krb5-1.4.3-5.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/krb5-server-1.4.3-5.2.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/krb5-workstation-1.4.3-5.2.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64krb53-1.4.3-5.2.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.2.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
corporate/4.0/SRPMS/krb5-1.4.3-5.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
mnf/2.0/i586/libkrb51-1.3-6.8.M20mdk.i586.rpm
mnf/2.0/SRPMS/krb5-1.3-6.8.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
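
To confirm that a host actually carries the fixed builds, the sketch below flags installed krb5 packages older than the version-release shown in this advisory's SRPM names. It is an added example, not part of the Mandriva advisory; the version comparison is a simplified form of rpm's ordering (no epoch or '~' handling), and the sample package lines and the pre-fix release string in them are constructed.

```python
import re

# Fixed version-release per product, copied from the SRPM names in this advisory.
FIXED = {
    "2006.0": "1.4.2-2.2.20060mdk",
    "2007.0": "1.4.3-6.1mdv2007.0",
    "Corporate 3.0": "1.3-6.8.C30mdk",
    "Corporate 4.0": "1.4.3-5.2.20060mlcs4",
    "Multi Network Firewall 2.0": "1.3-6.8.M20mdk",
}

def rpmvercmp(a, b):
    """Simplified rpm ordering: digit/letter segments, no epoch or '~' handling."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment sorts newer
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(product, rpm_lines):
    """Return (name, version-release) for krb5 packages older than the fix."""
    fixed = FIXED[product]
    stale = []
    for line in rpm_lines:
        name, _, evr = line.strip().partition(" ")
        if "krb5" in name and evr and evr_cmp(evr, fixed) < 0:
            stale.append((name, evr))
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = [
    "krb5-server 1.4.3-6mdv2007.0",
    "libkrb53 1.4.3-6.1mdv2007.0",
    "telnet-server-krb5 1.4.3-6mdv2007.0",
    "openssh-server 4.3p2-12mdv2007.0",
]

if __name__ == "__main__":
    for name, evr in unpatched("2007.0", SAMPLE):
        print(f"{name} {evr} is older than {FIXED['2007.0']}")
```
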
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGE/QnmqjQ0CJFipgRAqdTAJwJFpOdUkGk29ZoXOsbG7XJzNr5QACdEHje
LcAyjeDR8D1kS+r0g6mLwKo=
=Yp6C
-----END PGP SIGNATURE-----