RedHat: Updated krb5 packages fix security
Posted by Joseph Shakespeare   
RedHat Linux Updated Kerberos (krb5) packages that correct buffer overflow and temporary file bugs are now available for Red Hat Enterprise Linux.
----------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated krb5 packages fix security vulnerabilities
Advisory ID:       RHSA-2005:012-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-012.html
Issue date:        2005-01-19
Updated on:        2005-01-19
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0971 CAN-2004-1189
----------------------------------------------------------------------

1. Summary:

Updated Kerberos (krb5) packages that correct buffer overflow and temporary
file bugs are now available for Red Hat Enterprise Linux.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.

A heap-based buffer overflow bug was found in the administration library of
Kerberos 1.3.5 and earlier.  This bug could allow an authenticated remote
attacker to execute arbitrary commands on a realm's master Kerberos KDC.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1189 to this issue.

Additionally, a temporary file bug was found in the Kerberos krb5-send-pr
program.  An attacker could create a temporary file that would allow an
arbitrary file to which the victim has write access to be overwritten.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0971 to this issue.
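
The general class of temporary-file bug described above, as an added
example that is not code from krb5-send-pr or from Red Hat.  It assumes the
common form of the problem, a predictable file name that is followed
through a link created in advance; the function names, file names and the
PID 4242 are constructed, and everything runs inside a private sandbox
directory.

```shell
#!/bin/sh
# Constructed demo of a predictable temp-file name versus mktemp.

# Weak pattern: the name is guessable (prefix + PID) and '>' follows
# whatever already exists at that path, including a symbolic link.
write_report_unsafe() {
    dir=$1; pid=$2
    tmp="$dir/pr.$pid"
    echo "draft report" > "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively, so a path that already exists is never reused.
write_report_safe() {
    dir=$1
    tmp=$(mktemp "$dir/pr.XXXXXX") || return 1
    echo "draft report" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs both patterns against a file standing in for the victim's data.
# Results are left in unsafe_result, safe_result and safe_path.
demo() {
    box=$(mktemp -d) || return 1
    echo "important data" > "$box/victim"
    ln -s "$box/victim" "$box/pr.4242"    # link waiting at the guessable name

    write_report_unsafe "$box" 4242
    unsafe_result=$(cat "$box/victim")    # victim file was overwritten

    echo "important data" > "$box/victim" # restore, then try the safe form
    safe_path=$(write_report_safe "$box")
    safe_result=$(cat "$box/victim")      # victim file is untouched

    rm -rf "$box"
}

demo
echo "predictable name: victim file now holds '$unsafe_result'"
echo "mktemp:           victim file still holds '$safe_result'"
```
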

All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

136304 - CAN-2004-0971 temporary file vulnerabilities in krb5-send-pr script
140066 - CAN-2004-0971 temporary file vulnerabilities in krb5-send-pr script
142902 - CAN-2004-1189 buffer overflow in krb5

6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.securityfocus.com/bid/11289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 