List: annvix-announce
Subject: [announce] AVXSA-2005:019 security fixes
From: vdanen () annvix ! org
Date: 2005-07-15 5:13:44
Message-ID: E1DtIW8-0007OM-1k () build ! annvix ! org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Annvix Security Update Advisory
_______________________________________________________________________
Package name: krb5
Advisory ID: AVXSA-2005:019
Date: July 14th, 2005
Affected versions: 1.0-RELEASE
______________________________________________________________________
Problem Description:

A number of vulnerabilities have been corrected in this Kerberos
update:

The rcp protocol would allow a server to instruct a client to write to
arbitrary files outside of the current directory. The Kerberos-aware
rcp could be abused to copy files from a malicious server
(CAN-2004-0175).

Gael Delalleau discovered an information disclosure vulnerability in
the way some telnet clients handled messages from a server. This could
be abused by a malicious telnet server to collect information from the
environment of any victim connecting to the server using the Kerberos-
aware telnet client (CAN-2005-0488).

Daniel Wachdorf discovered that in error conditions that could occur in
response to correctly-formatted client requests, the Kerberos 5 KDC may
attempt to free uninitialized memory, which could cause the KDC to
crash resulting in a Denial of Service (CAN-2005-1174).

Daniel Wachdorf also discovered a single-byte heap overflow in the
krb5_unparse_name() function that could, if successfully exploited,
lead to a crash, resulting in a DoS. To trigger this flaw, an attacker
would need to have control of a Kerberos realm that shares a cross-
realm key with the target (CAN-2005-1175).

Finally, a double-free flaw was discovered in the krb5_recvauth()
routine which could be triggered by a remote unauthenticated attacker.
This issue could potentially be exploited to allow for the execution of
arbitrary code on a KDC. No exploit is currently known to exist
(CAN-2005-1689).

The updated packages have been patched to address these issues and
all users using Kerberos are urged to upgrade to these packages as
quickly as possible.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689
http://www.kb.cert.org/vuls/id/623332
http://www.kb.cert.org/vuls/id/259798
http://www.kb.cert.org/vuls/id/885830
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt
______________________________________________________________________
Updated Packages:
Annvix 1.0-RELEASE:
ff0d652d5c7ec641b09eec23ea538ded2dcddf47 1.0-RELEASE/SRPMS/krb5-1.3.6-5.1avx.src.rpm
2ee0d2168548901bb4ae3cf0dfa1704fec797eaa 1.0-RELEASE/i586/ftp-client-krb5-1.3.6-5.1avx.i586.rpm
113fe3aaf222c817f5330aa0040fe18e37200df1 1.0-RELEASE/i586/ftp-server-krb5-1.3.6-5.1avx.i586.rpm
d6d07ec1b9f4cc769ea2ea3aa7875ebe4a2d61b6 1.0-RELEASE/i586/krb5-server-1.3.6-5.1avx.i586.rpm
8f920743352ef0286d2b9334fd39f42f77a5c5ee 1.0-RELEASE/i586/krb5-workstation-1.3.6-5.1avx.i586.rpm
c0193a6710d2706cfeb1a05b55e970d91e2f032c 1.0-RELEASE/i586/libkrb51-1.3.6-5.1avx.i586.rpm
2b33a2808c227b49c7a9f06edd07fb62e21a0220 1.0-RELEASE/i586/libkrb51-devel-1.3.6-5.1avx.i586.rpm
cd03c9ebed3460cc154f228402944d5b7ab473e3 1.0-RELEASE/i586/telnet-client-krb5-1.3.6-5.1avx.i586.rpm
da14e22a08fe439c90c3593206fad167f5643067 1.0-RELEASE/i586/telnet-server-krb5-1.3.6-5.1avx.i586.rpm
c99c801cb0fd930f7c3c6850e7aa501047cc38fb 1.0-RELEASE/x86_64/ftp-client-krb5-1.3.6-5.1avx.x86_64.rpm
ef108793bc891391c5a2af6f560768b04fcdcec9 1.0-RELEASE/x86_64/ftp-server-krb5-1.3.6-5.1avx.x86_64.rpm
fed86bb85f6fb0b8c1516f34f0bdef15e513d1af 1.0-RELEASE/x86_64/krb5-server-1.3.6-5.1avx.x86_64.rpm
5e54c513632ce135fdcaf9728068565e1ba993b0 1.0-RELEASE/x86_64/krb5-workstation-1.3.6-5.1avx.x86_64.rpm
4b44ee3f17767754a37a0c6d39e690fbefbab552 1.0-RELEASE/x86_64/lib64krb51-1.3.6-5.1avx.x86_64.rpm
1eda010c6ae491a50d84a4fe8735862145336e6c 1.0-RELEASE/x86_64/lib64krb51-devel-1.3.6-5.1avx.x86_64.rpm
10b504583ea1ed5dd92392be1dded9ec0205b8fb 1.0-RELEASE/x86_64/telnet-client-krb5-1.3.6-5.1avx.x86_64.rpm
c9e2465bf396c82ae59455611aa8161432a5037c 1.0-RELEASE/x86_64/telnet-server-krb5-1.3.6-5.1avx.x86_64.rpm
_______________________________________________________________________
All Annvix security advisories are available at:
http://annvix.org/advisories/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFC10SjJnj1HmfyJpYRAtZbAKDg6x/GSvvmHNjrzLY140TiRaP4lwCgve7o
2MTvV9m5XxFyMy0gl89yCns=
=gDgG
-----END PGP SIGNATURE-----
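
Added example (not part of the Annvix advisory and not the krb5 patch itself): the rcp issue above (CAN-2004-0175) arises when a client trusts the file name carried in a server-sent `C`/`D` control record, so this C example validates each record and refuses names that contain a path separator or are `.` or `..`. The function names and the sample records are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* A name is safe only if it stays inside the current target directory. */
static int rcp_name_is_safe(const char *name)
{
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Validate one rcp control record: "C<4 octal digits> <size> <name>\n"
 * (file) or "D<4 octal digits> <size> <name>\n" (directory).
 * Returns 0 and copies the name to name_out if the record is well formed
 * and the name is safe; returns -1 otherwise (hypothetical helper). */
int rcp_check_record(const char *rec, char *name_out, size_t name_cap)
{
    const char *p = rec;
    size_t n;

    if (*p != 'C' && *p != 'D')
        return -1;
    p++;
    for (int i = 0; i < 4; i++, p++)        /* mode field */
        if (*p < '0' || *p > '7')
            return -1;
    if (*p++ != ' ')
        return -1;
    if (*p < '0' || *p > '9')               /* size field needs a digit */
        return -1;
    while (*p >= '0' && *p <= '9')
        p++;
    if (*p++ != ' ')
        return -1;
    n = strcspn(p, "\n");                   /* name runs to the newline */
    if (p[n] != '\n' || n >= name_cap)
        return -1;
    memcpy(name_out, p, n);
    name_out[n] = '\0';
    return rcp_name_is_safe(name_out) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample records, as a server might send them. */
    const char *recs[] = { "C0644 12 notes.txt\n", "C0644 12 ../outside.txt\n",
                           "D0755 0 ..\n", "C0644 12 /tmp/abs.txt\n" };
    char name[256];
    for (size_t i = 0; i < sizeof recs / sizeof recs[0]; i++)
        printf("%-8s %s", rcp_check_record(recs[i], name, sizeof name) ? "REJECT" : "accept", recs[i]);
    return 0;
}
```

A client that applies this check before opening any output file writes only into the directory the user named, whatever the server sends.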