Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Fedora Core 4 Update: krb5-1.4.1-5 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker. Fedora Core 4 contains checks within glibc that detect double-free flaws. Therefore, on Fedora Core 4, successful exploitation of this issue can only lead to a denial of service (KDC crash).
Fedora Update Notification

Product     : Fedora Core 4
Name        : krb5
Version     : 1.4.1                      
Release     : 5                  
Summary     : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

Update Information:

A double-free flaw was found in the krb5_recvauth() routine which may be triggered by a remote unauthenticated attacker.  Fedora Core 4 contains checks within glibc that detect double-free flaws.  Therefore, on Fedora Core 4, successful exploitation of this issue can only lead to a denial of service (KDC crash).  The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1689 to this issue.

Daniel Wachdorf discovered a single byte heap overflow in the krb5_unparse_name() function, part of krb5-libs.  Successful exploitation of this flaw would lead to a denial of service (crash).  To trigger this flaw remotely, an attacker would need to have control of a kerberos realm that shares a cross-realm key with the target, making exploitation of this flaw unlikely. (CAN-2005-1175).

Daniel Wachdorf also discovered that in error conditions that may occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory.  This could allow a remote attacker to cause a denial of service (KDC crash) (CAN-2005-1174).

Gaël Delalleau discovered an information disclosure issue in the way some telnet clients handle messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it using the Kerberos-aware telnet client (CAN-2005-0488).

The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses the Kerberos-aware rcp to copy files from a malicious server (CAN-2004-0175).
* Wed Jun 29 2005 Nalin Dahyabhai  1.4.1-5

- fix telnet client environment variable disclosure the same way NetKit's
  telnet client did (CAN-2005-0488) (#159305)
- keep apps which call krb5_principal_compare() or krb5_realm_compare() with
  malformed or NULL principal structures from crashing outright (Thomas Biege)

* Tue Jun 28 2005 Nalin Dahyabhai 

- apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175)
- apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755)

* Fri Jun 24 2005 Nalin Dahyabhai  1.4.1-4

- fix double-close in keytab handling
- add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612)

* Fri May 13 2005 Nalin Dahyabhai  1.4.1-3

- prevent spurious EBADF in krshd when stdin is closed by the client while
  the command is running (#151111)

* Fri May 13 2005 Martin Stransky  1.4.1-2

- add deadlock patch, removed old patch

* Fri May  6 2005 Nalin Dahyabhai  1.4.1-1

- update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469
- when starting the KDC or kadmind, if KRB5REALM is set via the /etc/sysconfig
  file for the service, pass it as an argument for the -r flag

This update can be downloaded from:

e04410b41cb3e1ca5c5de361932d4f43  SRPMS/krb5-1.4.1-5.src.rpm
84ec58abea3e00d6ce09d9fa17bdec44  ppc/krb5-devel-1.4.1-5.ppc.rpm
3b036b4aebe92579c7b0553c6a943c9c  ppc/krb5-libs-1.4.1-5.ppc.rpm
4ef4aae46285b2cc7ec2123175dc65d3  ppc/krb5-server-1.4.1-5.ppc.rpm
236c23aa99713ffbcd375be4418a629c  ppc/krb5-workstation-1.4.1-5.ppc.rpm
72a70fe522d9945d62acff3b6d62e9c4  ppc/debug/krb5-debuginfo-1.4.1-5.ppc.rpm
819d79e1b3fbd06de75cae397f00c80e  ppc/krb5-libs-1.4.1-5.ppc64.rpm
41a16309bae5f43caf50a9c34493c2a9  x86_64/krb5-devel-1.4.1-5.x86_64.rpm
5a733f5e5d35045e4efd44106d36fb5f  x86_64/krb5-libs-1.4.1-5.x86_64.rpm
5da17e3e77e3a73ddbb9d68516cf084e  x86_64/krb5-server-1.4.1-5.x86_64.rpm
53738638e418c3aba25c0a344e67d0d2  x86_64/krb5-workstation-1.4.1-5.x86_64.rpm
4f7310c5758bd32432db538f5008577d  x86_64/debug/krb5-debuginfo-1.4.1-5.x86_64.rpm
e35d87893a9b3b22eb15246a4cc88046  x86_64/krb5-libs-1.4.1-5.i386.rpm
2a5f503e74207349f137d1aaf039879c  i386/krb5-devel-1.4.1-5.i386.rpm
e35d87893a9b3b22eb15246a4cc88046  i386/krb5-libs-1.4.1-5.i386.rpm
c6578a1a24fbaf3da0b7724445fdb675  i386/krb5-server-1.4.1-5.i386.rpm
0317f834d5795dbaf9f531ef747d181b  i386/krb5-workstation-1.4.1-5.i386.rpm
ec1e81cad1d4365febcff9df32be2375  i386/debug/krb5-debuginfo-1.4.1-5.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Tech Companies, Privacy Advocates Call for NSA Reform
Google warns of unauthorized TLS certificates trusted by almost all OSes
How Kevin Mitnick hacked the audience at CeBIT 2015
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.