---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-552
2005-07-12
---------------------------------------------------------------------Product     : Fedora Core 3
Name        : krb5
Version     : 1.3.6                      
Release     : 7                  
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

---------------------------------------------------------------------Update Information:

A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker.  Fedora Core 3 contains checks within glibc that detect double-free flaws.  Therefore, on Fedora Core 3, successful exploitation of this issue can only lead to a denial of service (KDC crash).  The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1689 to this issue.

Daniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs.  Successful exploitation of this flaw would lead to a denial of service (crash).  To trigger this flaw remotely, an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CAN-2005-1175).

Daniel Wachdorf also discovered that in error conditions that may occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory.  This could allow a remote attacker to cause a denial of service (KDC crash) (CAN-2005-1174).

Gaël Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CAN-2005-0488).

The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CAN-2004-0175).
---------------------------------------------------------------------* Wed Jun 29 2005 Nalin Dahyabhai  1.3.6-7

- fix telnet client environment variable disclosure the same way NetKit's
  telnet client did (CAN-2005-0488) (#159305)
- keep apps which call krb5_principal_compare() or krb5_realm_compare() with
  malformed or NULL principal structures from crashing outright (Thomas Biege)
  (#161475)

* Tue Jun 28 2005 Nalin Dahyabhai 

- apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175)
  (#157104)
- apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755)

* Fri Jun 24 2005 Nalin Dahyabhai  1.3.6-6

- fix double-close in keytab handling
- add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612)


---------------------------------------------------------------------This update can be downloaded from:
  
bbda806f94b4d1833d9fd884844f43da  SRPMS/krb5-1.3.6-7.src.rpm
1d9290dc2b92c62cebdd46ff27ed26f4  x86_64/krb5-devel-1.3.6-7.x86_64.rpm
1ee1d026aabc242677f91dccdf94558b  x86_64/krb5-libs-1.3.6-7.x86_64.rpm
a31aad264eeecd22a73e5dc1ddc9ed77  x86_64/krb5-server-1.3.6-7.x86_64.rpm
87f60cb9bf65e7aeaa766ae33ff6a83c  x86_64/krb5-workstation-1.3.6-7.x86_64.rpm
1a8bc195545e1bd5d9de79efae04fb38  x86_64/debug/krb5-debuginfo-1.3.6-7.x86_64.rpm
efa02df806c2730d4aadf47ea9502dfc  x86_64/krb5-libs-1.3.6-7.i386.rpm
6c8f97b7bd66f752f60ee3e974613424  i386/krb5-devel-1.3.6-7.i386.rpm
efa02df806c2730d4aadf47ea9502dfc  i386/krb5-libs-1.3.6-7.i386.rpm
681ebd995cce6cf33adcafc6c8d2f1f7  i386/krb5-server-1.3.6-7.i386.rpm
2f999eff92ca4885ba38dfc6b00286c9  i386/krb5-workstation-1.3.6-7.i386.rpm
a32f85ca5a135626840d0034f407b39d  i386/debug/krb5-debuginfo-1.3.6-7.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
-----------------------------------------------------------------------fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 3 Update: krb5-1.3.6-7

July 12, 2005
A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker

Summary

Kerberos V5 is a trusted-third-party network authentication system,

which can improve your network's security by eliminating the insecure

practice of cleartext passwords.

A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Fedora Core 3 contains checks within glibc that detect double-free flaws. Therefore, on Fedora Core 3, successful exploitation of this issue can only lead to a denial of service (KDC crash). The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1689 to this issue.

Daniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Successful exploitation of this flaw would lead to a denial of service (crash). To trigger this flaw remotely, an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CAN-2005-1175).

Daniel Wachdorf also discovered that in error conditions that may occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory. This could allow a remote attacker to cause a denial of service (KDC crash) (CAN-2005-1174).

Gaël Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CAN-2005-0488).

The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CAN-2004-0175).

- fix telnet client environment variable disclosure the same way NetKit's

telnet client did (CAN-2005-0488) (#159305)

- keep apps which call krb5_principal_compare() or krb5_realm_compare() with

malformed or NULL principal structures from crashing outright (Thomas Biege)

(#161475)

* Tue Jun 28 2005 Nalin Dahyabhai

- apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175)

(#157104)

- apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755)

* Fri Jun 24 2005 Nalin Dahyabhai 1.3.6-6

- fix double-close in keytab handling

- add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612)

bbda806f94b4d1833d9fd884844f43da SRPMS/krb5-1.3.6-7.src.rpm

1d9290dc2b92c62cebdd46ff27ed26f4 x86_64/krb5-devel-1.3.6-7.x86_64.rpm

1ee1d026aabc242677f91dccdf94558b x86_64/krb5-libs-1.3.6-7.x86_64.rpm

a31aad264eeecd22a73e5dc1ddc9ed77 x86_64/krb5-server-1.3.6-7.x86_64.rpm

87f60cb9bf65e7aeaa766ae33ff6a83c x86_64/krb5-workstation-1.3.6-7.x86_64.rpm

1a8bc195545e1bd5d9de79efae04fb38 x86_64/debug/krb5-debuginfo-1.3.6-7.x86_64.rpm

efa02df806c2730d4aadf47ea9502dfc x86_64/krb5-libs-1.3.6-7.i386.rpm

6c8f97b7bd66f752f60ee3e974613424 i386/krb5-devel-1.3.6-7.i386.rpm

efa02df806c2730d4aadf47ea9502dfc i386/krb5-libs-1.3.6-7.i386.rpm

681ebd995cce6cf33adcafc6c8d2f1f7 i386/krb5-server-1.3.6-7.i386.rpm

2f999eff92ca4885ba38dfc6b00286c9 i386/krb5-workstation-1.3.6-7.i386.rpm

a32f85ca5a135626840d0034f407b39d i386/debug/krb5-debuginfo-1.3.6-7.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2005-552 2005-07-12 Name : krb5 Version : 1.3.6 Release : 7 Summary : The Kerberos network authentication system. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Fedora Core 3 contains checks within glibc that detect double-free flaws. Therefore, on Fedora Core 3, successful exploitation of this issue can only lead to a denial of service (KDC crash). The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1689 to this issue. Daniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs. Successful exploitation of this flaw would lead to a denial of service (crash). To trigger this flaw remotely, an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CAN-2005-1175). Daniel Wachdorf also discovered that in error conditions that may occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory. This could allow a remote attacker to cause a denial of service (KDC crash) (CAN-2005-1174). Gaël Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CAN-2005-0488). The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CAN-2004-0175). - fix telnet client environment variable disclosure the same way NetKit's telnet client did (CAN-2005-0488) (#159305) - keep apps which call krb5_principal_compare() or krb5_realm_compare() with malformed or NULL principal structures from crashing outright (Thomas Biege) (#161475) * Tue Jun 28 2005 Nalin Dahyabhai - apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175) (#157104) - apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755) * Fri Jun 24 2005 Nalin Dahyabhai 1.3.6-6 - fix double-close in keytab handling - add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612) bbda806f94b4d1833d9fd884844f43da SRPMS/krb5-1.3.6-7.src.rpm 1d9290dc2b92c62cebdd46ff27ed26f4 x86_64/krb5-devel-1.3.6-7.x86_64.rpm 1ee1d026aabc242677f91dccdf94558b x86_64/krb5-libs-1.3.6-7.x86_64.rpm a31aad264eeecd22a73e5dc1ddc9ed77 x86_64/krb5-server-1.3.6-7.x86_64.rpm 87f60cb9bf65e7aeaa766ae33ff6a83c x86_64/krb5-workstation-1.3.6-7.x86_64.rpm 1a8bc195545e1bd5d9de79efae04fb38 x86_64/debug/krb5-debuginfo-1.3.6-7.x86_64.rpm efa02df806c2730d4aadf47ea9502dfc x86_64/krb5-libs-1.3.6-7.i386.rpm 6c8f97b7bd66f752f60ee3e974613424 i386/krb5-devel-1.3.6-7.i386.rpm efa02df806c2730d4aadf47ea9502dfc i386/krb5-libs-1.3.6-7.i386.rpm 681ebd995cce6cf33adcafc6c8d2f1f7 i386/krb5-server-1.3.6-7.i386.rpm 2f999eff92ca4885ba38dfc6b00286c9 i386/krb5-workstation-1.3.6-7.i386.rpm a32f85ca5a135626840d0034f407b39d i386/debug/krb5-debuginfo-1.3.6-7.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : krb5
Version : 1.3.6
Release : 7
Summary : The Kerberos network authentication system.

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved