LinuxSecurity.com
Mandriva: Updated krb5 packages fix vulnerabilities Print E-mail
Posted by Benjamin D. Thomas   
A stack buffer overflow vulnerability was discovered in the RPC library used by Kerberos' kadmind program by Tenable Network Security. A remote unauthenticated user who could access kadmind would be able to trigger the flaw and cause it to crash (CVE-2007-3999).
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2007:174-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : krb5
 Date    : September 7, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tenable Network Security discovered a stack buffer overflow vulnerability
 in the RPC library used by Kerberos' kadmind program. A remote
 unauthenticated user who could access kadmind would be able to trigger
 the flaw and cause it to crash (CVE-2007-3999).
 This issue is only applicable to Kerberos 1.4 and higher.
 
 Garrett Wollman found an uninitialized pointer vulnerability in
 kadmind which a remote unauthenticated attacker able to access
 kadmind could exploit to cause kadmind to crash (CVE-2007-4000).
 This issue is only applicable to Kerberos 1.5 and higher.

 Update:

 The MIT Kerberos Team found a problem with the originally published
 patch for CVE-2007-3999.  A remote unauthenticated attacker able to
 access kadmind could trigger this flaw and cause kadmind to crash.
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
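For hosts where the automatic urpmi verification is not used, the advisory's "md5sum  path" listing can be re-checked by hand. The script below is an added example, not part of the Mandriva advisory; it assumes the packages were mirrored under a local root with the same relative paths as the listing, and its sample tree is constructed for demonstration.

```shell
#!/bin/sh
# Added example, not from the Mandriva advisory: re-check an MDKSA-style
# "md5sum  path" listing by hand (paths are relative to the mirror root),
# for hosts not using MandrivaUpdate/urpmi's automatic verification.

# verify_listing LISTING MIRROR_ROOT -> 0 if every listed file matches, 1 otherwise
verify_listing() {
    listing=$1; root=$2; status=0
    while read -r sum path; do
        # keep only lines whose first field is a 32-hex-digit MD5; this skips
        # blanks, "Mandriva Linux 2007.0:" headers and the underscore rules
        case "$sum" in *[!0-9a-f]*|"") continue ;; esac
        [ ${#sum} -eq 32 ] || continue
        file="$root/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"; status=1; continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (advisory $sum, got $actual)"; status=1
        fi
    done < "$listing"
    return $status
}

# verify_signatures LISTING MIRROR_ROOT -> rpm --checksig on each listed package;
# the Mandriva key (0x22458A98) must be imported into rpm first (rpm --import).
verify_signatures() {
    listing=$1; root=$2; status=0
    while read -r sum path; do
        case "$sum" in *[!0-9a-f]*|"") continue ;; esac
        [ ${#sum} -eq 32 ] || continue
        rpm --checksig "$root/$path" || status=1
    done < "$listing"
    return $status
}

# make_demo_tree -> prints a temp dir holding one constructed sample file plus
# good.txt (listing with the correct MD5) and bad.txt (listing with a wrong MD5)
make_demo_tree() {
    d=$(mktemp -d); mkdir -p "$d/2007.0/i586"
    printf 'constructed sample, not a real rpm\n' > "$d/2007.0/i586/sample.rpm"
    good=$(md5sum "$d/2007.0/i586/sample.rpm" | cut -d' ' -f1)
    printf ' Mandriva Linux 2007.0:\n %s  2007.0/i586/sample.rpm\n' "$good" > "$d/good.txt"
    printf ' %s  2007.0/i586/sample.rpm\n' "$(printf x | md5sum | cut -d' ' -f1)" > "$d/bad.txt"
    echo "$d"
}
```

The checksum pass only proves the download matches the advisory; the signature pass is what ties the package to the Mandriva Security Team key.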

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team