LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: [ MDVSA-2009:082 ] krb5 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token (CVE-2009-0845). This update provides the fix for that security issue.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:082
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : March 30, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 The spnego_gss_accept_sec_context function in
 lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.6.3,
 when SPNEGO is used, allows remote attackers to cause a denial of
 service (NULL pointer dereference and application crash) via invalid
 ContextFlags data in the reqFlags field in a negTokenInit token
 (CVE-2009-0845).
 
 This update provides the fix for that security issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 5ce18c7f810209979b0d670c989fcdc2  2008.0/i586/ftp-client-krb5-1.6.2-7.2mdv2008.0.i586.rpm
 6d58576196a55749c3bdd7157a2ba7e9  2008.0/i586/ftp-server-krb5-1.6.2-7.2mdv2008.0.i586.rpm
 9b14295be74bcd2e8ca158703fe574af  2008.0/i586/krb5-1.6.2-7.2mdv2008.0.i586.rpm
 c6b9a9720d60df5fccb5811e7be1350a  2008.0/i586/krb5-server-1.6.2-7.2mdv2008.0.i586.rpm
 f0ab1b71b472dee0c7c7d9af32f9fe6e  2008.0/i586/krb5-workstation-1.6.2-7.2mdv2008.0.i586.rpm
 aec6870df99ff689b0e34e94878bd62e  2008.0/i586/libkrb53-1.6.2-7.2mdv2008.0.i586.rpm
 5d3cc34a120ab4e0d5e796ef2cc85e02  2008.0/i586/libkrb53-devel-1.6.2-7.2mdv2008.0.i586.rpm
 7efb86a61cd8ce6f16f1df14b05fb76f  2008.0/i586/telnet-client-krb5-1.6.2-7.2mdv2008.0.i586.rpm
 5798de6ed5b7e418cc66e863c9d1c25d  2008.0/i586/telnet-server-krb5-1.6.2-7.2mdv2008.0.i586.rpm 
 4499bdc87bba4214f3a3e50675ad6ce1  2008.0/SRPMS/krb5-1.6.2-7.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 c258b4f264fa004e755c90c4ec03ecd5  2008.0/x86_64/ftp-client-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
 6b2582771b5d8c46041b85451b8f70f4  2008.0/x86_64/ftp-server-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
 0728d70f5053343781ee4d216e6080fa  2008.0/x86_64/krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
 08e7f28f6fd18c9cbe613d0785239390  2008.0/x86_64/krb5-server-1.6.2-7.2mdv2008.0.x86_64.rpm
 f03416152ba0487939fdbc23b60ee054  2008.0/x86_64/krb5-workstation-1.6.2-7.2mdv2008.0.x86_64.rpm
 fd5d56e93430c0a15ba87dd7950eed28  2008.0/x86_64/lib64krb53-1.6.2-7.2mdv2008.0.x86_64.rpm
 3d34e20016be66d98601fa03652ab523  2008.0/x86_64/lib64krb53-devel-1.6.2-7.2mdv2008.0.x86_64.rpm
 cc07613f6e26f48701d8089a0f15056f  2008.0/x86_64/telnet-client-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm
 fa8776c1c3a70b301434937f5ba60c9d  2008.0/x86_64/telnet-server-krb5-1.6.2-7.2mdv2008.0.x86_64.rpm 
 4499bdc87bba4214f3a3e50675ad6ce1  2008.0/SRPMS/krb5-1.6.2-7.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 592aefb75780bf23b1b44f0a40b54da1  2008.1/i586/ftp-client-krb5-1.6.3-6.1mdv2008.1.i586.rpm
 b21e7612f59bec538c68eacb4688d384  2008.1/i586/ftp-server-krb5-1.6.3-6.1mdv2008.1.i586.rpm
 7abf7a73566130cbfc0bd4d25eb4596e  2008.1/i586/krb5-1.6.3-6.1mdv2008.1.i586.rpm
 78a7dfeb9dc53cfa7e3bbee6250696d2  2008.1/i586/krb5-server-1.6.3-6.1mdv2008.1.i586.rpm
 5471b67366a10ab5de61acfe68d683b1  2008.1/i586/krb5-workstation-1.6.3-6.1mdv2008.1.i586.rpm
 9004c8d03615552f687f6f31292fa57e  2008.1/i586/libkrb53-1.6.3-6.1mdv2008.1.i586.rpm
 0c0fd6e1aeb4839503d7dda0a167de83  2008.1/i586/libkrb53-devel-1.6.3-6.1mdv2008.1.i586.rpm
 1770b94a6e97336541cd72daa2196b01  2008.1/i586/telnet-client-krb5-1.6.3-6.1mdv2008.1.i586.rpm
 a8949f3aefe925ed5411198a7c7ec211  2008.1/i586/telnet-server-krb5-1.6.3-6.1mdv2008.1.i586.rpm 
 5d8ec12aeac32033ad66f977ea61f878  2008.1/SRPMS/krb5-1.6.3-6.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 229800b13b28dbd13b032e37032d9342  2008.1/x86_64/ftp-client-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
 3aa80e2ce37b3d5892041314a37247f1  2008.1/x86_64/ftp-server-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
 d582b216c833e422b10a884c8b6e82a4  2008.1/x86_64/krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
 a479750fc340e67888ce78b1774f26e1  2008.1/x86_64/krb5-server-1.6.3-6.1mdv2008.1.x86_64.rpm
 a457722a46fad670369250761c2747ad  2008.1/x86_64/krb5-workstation-1.6.3-6.1mdv2008.1.x86_64.rpm
 ce56dff13552bf9937577de0fa492f05  2008.1/x86_64/lib64krb53-1.6.3-6.1mdv2008.1.x86_64.rpm
 e804e47ddad22d93bc3d5e792097f77c  2008.1/x86_64/lib64krb53-devel-1.6.3-6.1mdv2008.1.x86_64.rpm
 618aba8252aed6b011c7e25836242a1b  2008.1/x86_64/telnet-client-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm
 acb8f57d05dff96485af9763684dead5  2008.1/x86_64/telnet-server-krb5-1.6.3-6.1mdv2008.1.x86_64.rpm 
 5d8ec12aeac32033ad66f977ea61f878  2008.1/SRPMS/krb5-1.6.3-6.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 d2cd9967a894064c2ff33e4c6970b296  2009.0/i586/ftp-client-krb5-1.6.3-6.1mdv2009.0.i586.rpm
 b476eddeae5bb76df6b5091a2efa6bc8  2009.0/i586/ftp-server-krb5-1.6.3-6.1mdv2009.0.i586.rpm
 1c3cfae7f5472af3c74f11ed62024496  2009.0/i586/krb5-1.6.3-6.1mdv2009.0.i586.rpm
 cbbd5704c0bbc54d022d477185b70380  2009.0/i586/krb5-server-1.6.3-6.1mdv2009.0.i586.rpm
 19bf11bf9967c1cdd62634cba5b11554  2009.0/i586/krb5-workstation-1.6.3-6.1mdv2009.0.i586.rpm
 e55d4e80433f89c4b6a4f44102ab1393  2009.0/i586/libkrb53-1.6.3-6.1mdv2009.0.i586.rpm
 6c4aa5674b0a4e0994161a41259d6329  2009.0/i586/libkrb53-devel-1.6.3-6.1mdv2009.0.i586.rpm
 a12749b4bd1404fad9133e8be4a03092  2009.0/i586/telnet-client-krb5-1.6.3-6.1mdv2009.0.i586.rpm
 ee48a33cc0415e1f7b8baa62c309a5a0  2009.0/i586/telnet-server-krb5-1.6.3-6.1mdv2009.0.i586.rpm 
 6b3cb2c6eba23f22c4fa5d641e1d732a  2009.0/SRPMS/krb5-1.6.3-6.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 91674ae49f677de9a3668387298e55c8  2009.0/x86_64/ftp-client-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
 340778bb02e00f90e76a8607d70da274  2009.0/x86_64/ftp-server-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
 06e071f10e53fa4dc98584e83e99f250  2009.0/x86_64/krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
 e1d71c1315d5c57372bb532849e99238  2009.0/x86_64/krb5-server-1.6.3-6.1mdv2009.0.x86_64.rpm
 2c020178838c11639584e0cb78265d96  2009.0/x86_64/krb5-workstation-1.6.3-6.1mdv2009.0.x86_64.rpm
 f1ff13e8ff000a60a57702c4030eb782  2009.0/x86_64/lib64krb53-1.6.3-6.1mdv2009.0.x86_64.rpm
 bbd9d17d5c02468ce5e3dfe475a2daf0  2009.0/x86_64/lib64krb53-devel-1.6.3-6.1mdv2009.0.x86_64.rpm
 71b14ba1165e4e792e7eaef511c83c14  2009.0/x86_64/telnet-client-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm
 17b7bd824ec891d873c5b80a36a6110e  2009.0/x86_64/telnet-server-krb5-1.6.3-6.1mdv2009.0.x86_64.rpm 
 6b3cb2c6eba23f22c4fa5d641e1d732a  2009.0/SRPMS/krb5-1.6.3-6.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.