LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Important: krb5 security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 4 and 5.Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server. This update has been rated as having important security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2007:0562-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0562.html
Issue date:        2007-06-26
Updated on:        2007-06-26
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 
- ---------------------------------------------------------------------

1. Summary:

Updated krb5 packages that fix several security flaws are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.  kadmind is the KADM5 administration
server.

David Coffey discovered an uninitialized pointer free flaw in the RPC
library used by kadmind.  On Red Hat Enterprise Linux 4 and 5, glibc
detects attempts to free invalid pointers.  A remote unauthenticated
attacker who can access kadmind could trigger this flaw and cause kadmind
to crash. (CVE-2007-2442)

David Coffey also discovered an overflow flaw in the RPC library used by
kadmind.  On Red Hat Enterprise Linux, exploitation of this flaw is limited
to a denial of service.  A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443)

A stack buffer overflow flaw was found in kadmind.  An authenticated
attacker who can access kadmind could trigger this flaw and potentially
execute arbitrary code on the Kerberos server. (CVE-2007-2798)

Users of krb5-server are advised to update to these erratum packages which
contain backported fixes to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245547 - CVE-2007-2442 krb5 RPC library unitialized pointer free
245548 - CVE-2007-2443 krb5 RPC library stack overflow
245549 - CVE-2007-2798 krb5 kadmind buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/krb5-1.3.4-49.src.rpm
31d66f8b81a412d2b527a1d2e34a6e29  krb5-1.3.4-49.src.rpm

i386:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
cb0671a2c26fea448cc88e973513de5e  krb5-devel-1.3.4-49.i386.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
4ae9d98926bb5b88562d2a9df1d5b019  krb5-server-1.3.4-49.i386.rpm
292e2aba8e5f54b252d8c2dcae346c2c  krb5-workstation-1.3.4-49.i386.rpm

ia64:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
9b548a0ef35ea35fd9679ccf42703ec6  krb5-debuginfo-1.3.4-49.ia64.rpm
14661d7ee6d5005c074bbed129cfac43  krb5-devel-1.3.4-49.ia64.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
09a2550dc627f1eeda901a1884a04a2f  krb5-libs-1.3.4-49.ia64.rpm
03c9f1f5d4bcc5921574167506a67fcd  krb5-server-1.3.4-49.ia64.rpm
5292efc768b6d6f2ee260a906fc3e46e  krb5-workstation-1.3.4-49.ia64.rpm

ppc:
cb1bea183c6b23d42f5b4b1628327dee  krb5-debuginfo-1.3.4-49.ppc.rpm
814e5b231faabb8ef6431329883113ef  krb5-debuginfo-1.3.4-49.ppc64.rpm
1b94755c3809a53ee8a65a5579019a3e  krb5-devel-1.3.4-49.ppc.rpm
3eb28a977ad52918f2d5df8bc3a24a3b  krb5-libs-1.3.4-49.ppc.rpm
79782bc2122f93deaba0de971bfa1eb6  krb5-libs-1.3.4-49.ppc64.rpm
1ae8f9b1d1f8e27280888b75af8138a7  krb5-server-1.3.4-49.ppc.rpm
e490dc881325c56e368f70d34c0b7b67  krb5-workstation-1.3.4-49.ppc.rpm

s390:
f7aa904838a1309887da54444097bcd8  krb5-debuginfo-1.3.4-49.s390.rpm
4949a26a347fbc4604c86dae30d5d187  krb5-devel-1.3.4-49.s390.rpm
87af5e561f5f50397b0523ebed0bc4d0  krb5-libs-1.3.4-49.s390.rpm
05f6afee497706fd56f8a29260b46a82  krb5-server-1.3.4-49.s390.rpm
f08171179038a61920c2ca261d91bb67  krb5-workstation-1.3.4-49.s390.rpm

s390x:
f7aa904838a1309887da54444097bcd8  krb5-debuginfo-1.3.4-49.s390.rpm
5d4ce43cf23e05dcecf3925206b45f73  krb5-debuginfo-1.3.4-49.s390x.rpm
960e8a982fceea58ea7b617c00445dd0  krb5-devel-1.3.4-49.s390x.rpm
87af5e561f5f50397b0523ebed0bc4d0  krb5-libs-1.3.4-49.s390.rpm
24c67d15da32251725ec76b4aeaec7ad  krb5-libs-1.3.4-49.s390x.rpm
19c506e2e0c8c6592e799cd7e95bc1d4  krb5-server-1.3.4-49.s390x.rpm
17d13fc645f2c8c9c2ee6adc31e16a26  krb5-workstation-1.3.4-49.s390x.rpm

x86_64:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
5418edb6f780481f4fc581ea931c0249  krb5-debuginfo-1.3.4-49.x86_64.rpm
203b9502c0d5603f21da65eff1aac97e  krb5-devel-1.3.4-49.x86_64.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
5a52bd88b120e3fbc675b6f83e001679  krb5-libs-1.3.4-49.x86_64.rpm
90e96766548f63e93928bb5d6a1b6c2a  krb5-server-1.3.4-49.x86_64.rpm
eb922c5ad814e73069f201ac703b3c40  krb5-workstation-1.3.4-49.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/krb5-1.3.4-49.src.rpm
31d66f8b81a412d2b527a1d2e34a6e29  krb5-1.3.4-49.src.rpm

i386:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
cb0671a2c26fea448cc88e973513de5e  krb5-devel-1.3.4-49.i386.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
4ae9d98926bb5b88562d2a9df1d5b019  krb5-server-1.3.4-49.i386.rpm
292e2aba8e5f54b252d8c2dcae346c2c  krb5-workstation-1.3.4-49.i386.rpm

x86_64:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
5418edb6f780481f4fc581ea931c0249  krb5-debuginfo-1.3.4-49.x86_64.rpm
203b9502c0d5603f21da65eff1aac97e  krb5-devel-1.3.4-49.x86_64.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
5a52bd88b120e3fbc675b6f83e001679  krb5-libs-1.3.4-49.x86_64.rpm
90e96766548f63e93928bb5d6a1b6c2a  krb5-server-1.3.4-49.x86_64.rpm
eb922c5ad814e73069f201ac703b3c40  krb5-workstation-1.3.4-49.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/krb5-1.3.4-49.src.rpm
31d66f8b81a412d2b527a1d2e34a6e29  krb5-1.3.4-49.src.rpm

i386:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
cb0671a2c26fea448cc88e973513de5e  krb5-devel-1.3.4-49.i386.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
4ae9d98926bb5b88562d2a9df1d5b019  krb5-server-1.3.4-49.i386.rpm
292e2aba8e5f54b252d8c2dcae346c2c  krb5-workstation-1.3.4-49.i386.rpm

ia64:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
9b548a0ef35ea35fd9679ccf42703ec6  krb5-debuginfo-1.3.4-49.ia64.rpm
14661d7ee6d5005c074bbed129cfac43  krb5-devel-1.3.4-49.ia64.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
09a2550dc627f1eeda901a1884a04a2f  krb5-libs-1.3.4-49.ia64.rpm
03c9f1f5d4bcc5921574167506a67fcd  krb5-server-1.3.4-49.ia64.rpm
5292efc768b6d6f2ee260a906fc3e46e  krb5-workstation-1.3.4-49.ia64.rpm

x86_64:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
5418edb6f780481f4fc581ea931c0249  krb5-debuginfo-1.3.4-49.x86_64.rpm
203b9502c0d5603f21da65eff1aac97e  krb5-devel-1.3.4-49.x86_64.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
5a52bd88b120e3fbc675b6f83e001679  krb5-libs-1.3.4-49.x86_64.rpm
90e96766548f63e93928bb5d6a1b6c2a  krb5-server-1.3.4-49.x86_64.rpm
eb922c5ad814e73069f201ac703b3c40  krb5-workstation-1.3.4-49.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/krb5-1.3.4-49.src.rpm
31d66f8b81a412d2b527a1d2e34a6e29  krb5-1.3.4-49.src.rpm

i386:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
cb0671a2c26fea448cc88e973513de5e  krb5-devel-1.3.4-49.i386.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
4ae9d98926bb5b88562d2a9df1d5b019  krb5-server-1.3.4-49.i386.rpm
292e2aba8e5f54b252d8c2dcae346c2c  krb5-workstation-1.3.4-49.i386.rpm

ia64:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
9b548a0ef35ea35fd9679ccf42703ec6  krb5-debuginfo-1.3.4-49.ia64.rpm
14661d7ee6d5005c074bbed129cfac43  krb5-devel-1.3.4-49.ia64.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
09a2550dc627f1eeda901a1884a04a2f  krb5-libs-1.3.4-49.ia64.rpm
03c9f1f5d4bcc5921574167506a67fcd  krb5-server-1.3.4-49.ia64.rpm
5292efc768b6d6f2ee260a906fc3e46e  krb5-workstation-1.3.4-49.ia64.rpm

x86_64:
9e3db992036d070d8932180873098150  krb5-debuginfo-1.3.4-49.i386.rpm
5418edb6f780481f4fc581ea931c0249  krb5-debuginfo-1.3.4-49.x86_64.rpm
203b9502c0d5603f21da65eff1aac97e  krb5-devel-1.3.4-49.x86_64.rpm
a98a07dbc3bb70a29be7abf1f9413514  krb5-libs-1.3.4-49.i386.rpm
5a52bd88b120e3fbc675b6f83e001679  krb5-libs-1.3.4-49.x86_64.rpm
90e96766548f63e93928bb5d6a1b6c2a  krb5-server-1.3.4-49.x86_64.rpm
eb922c5ad814e73069f201ac703b3c40  krb5-workstation-1.3.4-49.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.5-26.src.rpm
54a438d47dd34ba75bdbcfb53e9f3832  krb5-1.5-26.src.rpm

i386:
69770998edd0e2d5ca23f423091ef90f  krb5-debuginfo-1.5-26.i386.rpm
875d59fc81595614b3335e5d56748edb  krb5-libs-1.5-26.i386.rpm
88c301cc700f2d211c900f7c3837b619  krb5-workstation-1.5-26.i386.rpm

x86_64:
69770998edd0e2d5ca23f423091ef90f  krb5-debuginfo-1.5-26.i386.rpm
9c4fbfa8b727102963f2d0212e0b6ef3  krb5-debuginfo-1.5-26.x86_64.rpm
875d59fc81595614b3335e5d56748edb  krb5-libs-1.5-26.i386.rpm
ba62d04600f6c5cc8d30d309e9d72bf1  krb5-libs-1.5-26.x86_64.rpm
6500bf11d424a8249d5f375c23f01f73  krb5-workstation-1.5-26.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.5-26.src.rpm
54a438d47dd34ba75bdbcfb53e9f3832  krb5-1.5-26.src.rpm

i386:
69770998edd0e2d5ca23f423091ef90f  krb5-debuginfo-1.5-26.i386.rpm
0e031dbfc8ae4ce42c1554d9859f4439  krb5-devel-1.5-26.i386.rpm
87ae5719718af36d6857fd88c99ee4d5  krb5-server-1.5-26.i386.rpm

x86_64:
69770998edd0e2d5ca23f423091ef90f  krb5-debuginfo-1.5-26.i386.rpm
9c4fbfa8b727102963f2d0212e0b6ef3  krb5-debuginfo-1.5-26.x86_64.rpm
0e031dbfc8ae4ce42c1554d9859f4439  krb5-devel-1.5-26.i386.rpm
8c43a19f27676d6a98b679685467ad2a  krb5-devel-1.5-26.x86_64.rpm
0fddf58301fb29cfb89d68c6d3ced90c  krb5-server-1.5-26.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/krb5-1.5-26.src.rpm
54a438d47dd34ba75bdbcfb53e9f3832  krb5-1.5-26.src.rpm

i386:
69770998edd0e2d5ca23f423091ef90f  krb5-debuginfo-1.5-26.i386.rpm
0e031dbfc8ae4ce42c1554d9859f4439  krb5-devel-1.5-26.i386.rpm
875d59fc81595614b3335e5d56748edb  krb5-libs-1.5-26.i386.rpm
87ae5719718af36d6857fd88c99ee4d5  krb5-server-1.5-26.i386.rpm
88c301cc700f2d211c900f7c3837b619  krb5-workstation-1.5-26.i386.rpm

ia64:
69770998edd0e2d5ca23f423091ef90f  krb5-debuginfo-1.5-26.i386.rpm
a0f8f3df4bbdb5e94ff556946e83a60e  krb5-debuginfo-1.5-26.ia64.rpm
5ef813b691ab5a95f2b7af3cfcf21bf0  krb5-devel-1.5-26.ia64.rpm
875d59fc81595614b3335e5d56748edb  krb5-libs-1.5-26.i386.rpm
c25c1b5f6ae401c0728b58c98d6fabd5  krb5-libs-1.5-26.ia64.rpm
8063d46e7fd2afd3966eb38ac8833f8e  krb5-server-1.5-26.ia64.rpm
96ce7fd870d01058e5ccb37160f07d58  krb5-workstation-1.5-26.ia64.rpm

ppc:
cc6950cde10d3e9b5327ae4eadb757ab  krb5-debuginfo-1.5-26.ppc.rpm
6b3d8dd0c4c01c582995d85d277e9a3c  krb5-debuginfo-1.5-26.ppc64.rpm
c401f61001797ec5e397baee3517d3e6  krb5-devel-1.5-26.ppc.rpm
55f2c0ea136eee94cd39fb3a5294bc62  krb5-devel-1.5-26.ppc64.rpm
8f64c9b4ba5ca67e1a9329a8dc5df14a  krb5-libs-1.5-26.ppc.rpm
2f54d3558e176b07de92d34893202525  krb5-libs-1.5-26.ppc64.rpm
3c69961f371ad75f4149e5c30d9f6f08  krb5-server-1.5-26.ppc.rpm
ebada313d9561eabcde7f6b564c759cd  krb5-workstation-1.5-26.ppc.rpm

s390x:
8a08d38f1a832aa1c705df1590391ba9  krb5-debuginfo-1.5-26.s390.rpm
580abd3b672ca61323110f079222acb1  krb5-debuginfo-1.5-26.s390x.rpm
18ce9444dba20d59d422aec6fd917867  krb5-devel-1.5-26.s390.rpm
9f8f941f62fa7ebc843e01f55fad337c  krb5-devel-1.5-26.s390x.rpm
85a77396b0595f996844ecc751d3e812  krb5-libs-1.5-26.s390.rpm
b9cae4f992f458f94c05437403e11d63  krb5-libs-1.5-26.s390x.rpm
6c68e84c637613a5847d002a5fbbe8f0  krb5-server-1.5-26.s390x.rpm
04c192622a4b8cdd77d2a7b975b78f55  krb5-workstation-1.5-26.s390x.rpm

x86_64:
69770998edd0e2d5ca23f423091ef90f  krb5-debuginfo-1.5-26.i386.rpm
9c4fbfa8b727102963f2d0212e0b6ef3  krb5-debuginfo-1.5-26.x86_64.rpm
0e031dbfc8ae4ce42c1554d9859f4439  krb5-devel-1.5-26.i386.rpm
8c43a19f27676d6a98b679685467ad2a  krb5-devel-1.5-26.x86_64.rpm
875d59fc81595614b3335e5d56748edb  krb5-libs-1.5-26.i386.rpm
ba62d04600f6c5cc8d30d309e9d72bf1  krb5-libs-1.5-26.x86_64.rpm
0fddf58301fb29cfb89d68c6d3ced90c  krb5-server-1.5-26.x86_64.rpm
6500bf11d424a8249d5f375c23f01f73  krb5-workstation-1.5-26.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
RIPS – Static Source Code Analysis For PHP Vulnerabilities
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.