LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: Updated krb5 packages fix Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Two buffer overflow issues were discovered in the way telnet clients handle messages from a server. Because of these issues, an attacker may be able to execute arbitray code on the victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Kerberos package contains a telnet client and is patched to deal with these issues.
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           krb5
 Advisory ID:            MDKSA-2005:061
 Date:                   March 29th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Two buffer overflow issues were discovered in the way telnet clients
 handle messages from a server.  Because of these issues, an attacker
 may be able to execute arbitray code on the victim's machine if the
 victim can be tricked into connecting to a malicious telnet server.
 The Kerberos package contains a telnet client and is patched to deal
 with these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 d216766af945b3213fa495721eed9457  10.0/RPMS/ftp-client-krb5-1.3-6.5.100mdk.i586.rpm
 4655dcb4b78bbdb435b07647516197a6  10.0/RPMS/ftp-server-krb5-1.3-6.5.100mdk.i586.rpm
 4875bd7e3527e46a14d03715981debd1  10.0/RPMS/krb5-server-1.3-6.5.100mdk.i586.rpm
 a56ef2f2bdf568b60b1755edf5bf029d  10.0/RPMS/krb5-workstation-1.3-6.5.100mdk.i586.rpm
 83810da26099bef4f9f62dda0bfaac25  10.0/RPMS/libkrb51-1.3-6.5.100mdk.i586.rpm
 f8ddb6ad7c7c00b73705deb466ec6bd6  10.0/RPMS/libkrb51-devel-1.3-6.5.100mdk.i586.rpm
 61d0f706174d181aa85c50e20f6fb5c8  10.0/RPMS/telnet-client-krb5-1.3-6.5.100mdk.i586.rpm
 79e059ee2cc3d074a20b91ce7143ac81  10.0/RPMS/telnet-server-krb5-1.3-6.5.100mdk.i586.rpm
 ec23fa86417932cf45135d0893f0c110  10.0/SRPMS/krb5-1.3-6.5.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 26c8933dd197c552b0f7ea1df7bae8a8  amd64/10.0/RPMS/ftp-client-krb5-1.3-6.5.100mdk.amd64.rpm
 4bde97f1286a8dafa48ee43f4302f193  amd64/10.0/RPMS/ftp-server-krb5-1.3-6.5.100mdk.amd64.rpm
 fdaa11624a29da312e3924016469eefc  amd64/10.0/RPMS/krb5-server-1.3-6.5.100mdk.amd64.rpm
 33d0343e61194c4bb0229df79e6fed26  amd64/10.0/RPMS/krb5-workstation-1.3-6.5.100mdk.amd64.rpm
 828b1af5ad010a37732e37f8007bbc47  amd64/10.0/RPMS/lib64krb51-1.3-6.5.100mdk.amd64.rpm
 b3e0ecc91df33626c4122ab1fb3d0ea9  amd64/10.0/RPMS/lib64krb51-devel-1.3-6.5.100mdk.amd64.rpm
 068087c8e22ebff7328b2a9ade91a9bc  amd64/10.0/RPMS/telnet-client-krb5-1.3-6.5.100mdk.amd64.rpm
 a263757976186907b1a2645fbe315e0e  amd64/10.0/RPMS/telnet-server-krb5-1.3-6.5.100mdk.amd64.rpm
 ec23fa86417932cf45135d0893f0c110  amd64/10.0/SRPMS/krb5-1.3-6.5.100mdk.src.rpm

 Mandrakelinux 10.1:
 819e71fe8e2830787b2e808455b02821  10.1/RPMS/ftp-client-krb5-1.3.4-2.2.101mdk.i586.rpm
 3a48e58ff59a5712778242d376741386  10.1/RPMS/ftp-server-krb5-1.3.4-2.2.101mdk.i586.rpm
 ba2b20121bc71355e6c8107c69cbf0d0  10.1/RPMS/krb5-server-1.3.4-2.2.101mdk.i586.rpm
 f7aeec8d096cd901112e5d2200de456f  10.1/RPMS/krb5-workstation-1.3.4-2.2.101mdk.i586.rpm
 29049325af00777f56ec2f28cd8db39a  10.1/RPMS/libkrb53-1.3.4-2.2.101mdk.i586.rpm
 2adb15276ecbf76e60d851999fab9a1d  10.1/RPMS/libkrb53-devel-1.3.4-2.2.101mdk.i586.rpm
 caf892a19e7be7e745ef8e9aa75789c0  10.1/RPMS/telnet-client-krb5-1.3.4-2.2.101mdk.i586.rpm
 7bc66dfe0330642b5d75fdd34f7b06e5  10.1/RPMS/telnet-server-krb5-1.3.4-2.2.101mdk.i586.rpm
 10b2b7dbc3d5f8cc59c89603d295cfaf  10.1/SRPMS/krb5-1.3.4-2.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 23d8a6b17b39f9381e9b0dd7793ab7b8  x86_64/10.1/RPMS/ftp-client-krb5-1.3.4-2.2.101mdk.x86_64.rpm
 a008345d73abf100b15cad0087f01072  x86_64/10.1/RPMS/ftp-server-krb5-1.3.4-2.2.101mdk.x86_64.rpm
 18a341812ca08af8bd5c494db3ec5ff3  x86_64/10.1/RPMS/krb5-server-1.3.4-2.2.101mdk.x86_64.rpm
 28714dcb521545d74438c91ab3794815  x86_64/10.1/RPMS/krb5-workstation-1.3.4-2.2.101mdk.x86_64.rpm
 035cba17cbc35bd3d822d3758a2698dd  x86_64/10.1/RPMS/lib64krb53-1.3.4-2.2.101mdk.x86_64.rpm
 fc77f44380cfdd2bd1819e8bd8492561  x86_64/10.1/RPMS/lib64krb53-devel-1.3.4-2.2.101mdk.x86_64.rpm
 90f2d0b38cbf9af1d587972cc68d1d6d  x86_64/10.1/RPMS/telnet-client-krb5-1.3.4-2.2.101mdk.x86_64.rpm
 826a853d8dc641bd8bfb28199bbaa64a  x86_64/10.1/RPMS/telnet-server-krb5-1.3.4-2.2.101mdk.x86_64.rpm
 10b2b7dbc3d5f8cc59c89603d295cfaf  x86_64/10.1/SRPMS/krb5-1.3.4-2.2.101mdk.src.rpm

 Corporate Server 2.1:
 486bdb41d4354eed4fcf58eb52a82fa9  corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.9.C21mdk.i586.rpm
 55cc181680ac84751723deb93719decc  corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.9.C21mdk.i586.rpm
 c98550fca5f3eeeabf62a86ddbf92a07  corporate/2.1/RPMS/krb5-devel-1.2.5-1.9.C21mdk.i586.rpm
 b8bb87ae54bdb56458c3388fecb63d6f  corporate/2.1/RPMS/krb5-libs-1.2.5-1.9.C21mdk.i586.rpm
 b8763fea4c3c156938ba784a3edf51b9  corporate/2.1/RPMS/krb5-server-1.2.5-1.9.C21mdk.i586.rpm
 e6a0318b748f65a0507f8c16bc23dc49  corporate/2.1/RPMS/krb5-workstation-1.2.5-1.9.C21mdk.i586.rpm
 327c046ca43c40ab9794398f20a5b38f  corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.9.C21mdk.i586.rpm
 a82c3b4f9eb67504899c5f3f281d9fe5  corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.9.C21mdk.i586.rpm
 259065ab96525bc8d7b77d4c25e13f4b  corporate/2.1/SRPMS/krb5-1.2.5-1.9.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 f6d4eff2a3feb87000460ca695bd51de  x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.9.C21mdk.x86_64.rpm
 255d0bc8c3244b27431d226d4999f6d6  x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.9.C21mdk.x86_64.rpm
 240f422fe36e908fcb26e90f9170fbc3  x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.9.C21mdk.x86_64.rpm
 772fed2dada99bd8d2ac4643731cf739  x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.9.C21mdk.x86_64.rpm
 26b555deaeced633f99b388c9e03e18b  x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.9.C21mdk.x86_64.rpm
 e2f5e23567066ef2546f7c2ce9e1cd8f  x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.9.C21mdk.x86_64.rpm
 45279cc9a731458a3720a38c99e6f4c3  x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.9.C21mdk.x86_64.rpm
 214b7f27352dc9ebf55633422f9572cc  x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.9.C21mdk.x86_64.rpm
 259065ab96525bc8d7b77d4c25e13f4b  x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.9.C21mdk.src.rpm

 Corporate 3.0:
 28d851910a75805853c5c39cba4fffea  corporate/3.0/RPMS/ftp-client-krb5-1.3-6.5.C30mdk.i586.rpm
 ac605c26e631edf484d62d8d97ddda69  corporate/3.0/RPMS/ftp-server-krb5-1.3-6.5.C30mdk.i586.rpm
 c666ec50bdf3a3044ef0f7248ee8e56e  corporate/3.0/RPMS/krb5-server-1.3-6.5.C30mdk.i586.rpm
 e7713877b0e4a4fa6ec709b9fd5e702b  corporate/3.0/RPMS/krb5-workstation-1.3-6.5.C30mdk.i586.rpm
 bb77997163c45e09fc31b15d46139525  corporate/3.0/RPMS/libkrb51-1.3-6.5.C30mdk.i586.rpm
 283c5da56f61674465641cfb354dc491  corporate/3.0/RPMS/libkrb51-devel-1.3-6.5.C30mdk.i586.rpm
 405188eb42b03830b8b11c63e36cda97  corporate/3.0/RPMS/telnet-client-krb5-1.3-6.5.C30mdk.i586.rpm
 0d4f11a5eb627b9e67781d0497cfadb4  corporate/3.0/RPMS/telnet-server-krb5-1.3-6.5.C30mdk.i586.rpm
 c38d8569fd587baf9f7d45db41fe5c93  corporate/3.0/SRPMS/krb5-1.3-6.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 405fd1d117ce34ce2ed7c19f3fc0f014  x86_64/corporate/3.0/RPMS/ftp-client-krb5-1.3-6.5.C30mdk.x86_64.rpm
 e6b5b0dd59bc08bfd1459ce4857a7776  x86_64/corporate/3.0/RPMS/ftp-server-krb5-1.3-6.5.C30mdk.x86_64.rpm
 22b5a0f8b3c83ddb3231ea7ce4fbc736  x86_64/corporate/3.0/RPMS/krb5-server-1.3-6.5.C30mdk.x86_64.rpm
 1027fec85d3450f7b2144d1578f4b0f6  x86_64/corporate/3.0/RPMS/krb5-workstation-1.3-6.5.C30mdk.x86_64.rpm
 96113ec9be72c272cdfeddcd6c2328ad  x86_64/corporate/3.0/RPMS/lib64krb51-1.3-6.5.C30mdk.x86_64.rpm
 733bfb924f9f743d6c9a303e2d6b6ece  x86_64/corporate/3.0/RPMS/lib64krb51-devel-1.3-6.5.C30mdk.x86_64.rpm
 5970d9cd024f5397d985acada35fffcd  x86_64/corporate/3.0/RPMS/telnet-client-krb5-1.3-6.5.C30mdk.x86_64.rpm
 c856eeb8859708c5345a5a19506a3a89  x86_64/corporate/3.0/RPMS/telnet-server-krb5-1.3-6.5.C30mdk.x86_64.rpm
 c38d8569fd587baf9f7d45db41fe5c93  x86_64/corporate/3.0/SRPMS/krb5-1.3-6.5.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.