[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 291/04 - MDKSA-2004:056-1 - krb5



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 291/04 dated 14.06.04  Time: 15:15  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

MDKSA-2004:056-1 - krb5


Detail
====== 

Multiple buffer overflows exist in the krb5_aname_to_localname()  library function that 
if exploited could lead to unauthorized root  privileges.  In order to exploit this flaw, 
an attacker must first  successfully authenticate to a vulnerable service, which must be  
configured to enable the explicit mapping or rules-based mapping  functionality of 
krb5_aname_to_localname, which is not a default  configuration.







- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory  

 Package name:           krb5
 Advisory ID:            MDKSA-2004:056-1
 Date:                   June 9th, 2004
 Original Advisory Date: June 3rd, 2004
 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2  

 Problem Description:

 Multiple buffer overflows exist in the krb5_aname_to_localname()  library function that if 
exploited could lead to unauthorized root  privileges.  In order to exploit this flaw, an 
attacker must first  successfully authenticate to a vulnerable service, which must be  
configured to enable the explicit mapping or rules-based mapping  functionality of 
krb5_aname_to_localname, which is not a default  configuration.
 
 Mandrakesoft encourages all users to upgrade to these patched krb5  packages.
  
Update:

 The original patch provided contained a bug where rule-based entries  on systems without 
HAVE_REGCOMP would not work.  These updated  packages provide the second patch provided 
by Kerberos development  team which fixes that behaviour.  

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523
  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 f99046b9c22ccd8ee43c55e81455c2da  10.0/RPMS/ftp-client-krb5-1.3-6.2.100mdk.i586.rpm
 71ec023bc253a7a644bf769912581581  10.0/RPMS/ftp-server-krb5-1.3-6.2.100mdk.i586.rpm
 83bc4f8083c696cd886d17c85367da4d  10.0/RPMS/krb5-server-1.3-6.2.100mdk.i586.rpm
 1452a4348bce8d7fbc233041e23976f1  10.0/RPMS/krb5-workstation-1.3-6.2.100mdk.i586.rpm
 adc2470941f1fa52f510ea72905de4a6  10.0/RPMS/libkrb51-1.3-6.2.100mdk.i586.rpm
 b03971c30f024e337097fcf88fcac4ba  10.0/RPMS/libkrb51-devel-1.3-6.2.100mdk.i586.rpm
 e106dd67e9d3a2189558ad020fa74c8e  10.0/RPMS/telnet-client-krb5-1.3-6.2.100mdk.i586.rpm
 916930bef00993dea584b02a7467df01  10.0/RPMS/telnet-server-krb5-1.3-6.2.100mdk.i586.rpm
 69534bf0994a5deb8de8af7e6a8db9bd  10.0/SRPMS/krb5-1.3-6.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 25fdf1ec42187aabc637a49d751440f3  amd64/10.0/RPMS/ftp-client-krb5-1.3-6.2.100mdk.amd64.rpm
 7a325f9779a50902c8825b15e61432d9  amd64/10.0/RPMS/ftp-server-krb5-1.3-6.2.100mdk.amd64.rpm
 53c131a11babc4095a17852b6a832716  amd64/10.0/RPMS/krb5-server-1.3-6.2.100mdk.amd64.rpm
 b20b5bbc158c08ce8f42788f912f846e  amd64/10.0/RPMS/krb5-workstation-1.3-6.2.100mdk.amd64.rpm
 437603db5166ae14f1bc368cdf64c1f8  amd64/10.0/RPMS/lib64krb51-1.3-6.2.100mdk.amd64.rpm
 1f5f4c00b69e785c2d7660a0f16787d7  amd64/10.0/RPMS/lib64krb51-devel-1.3-6.2.100mdk.amd64.rpm
 9654ca0f0e1718702daf4bbe7ac1f8b0  amd64/10.0/RPMS/telnet-client-krb5-1.3-6.2.100mdk.amd64.rpm
 ce1aa30d1a56a44312e8889c5328070a  amd64/10.0/RPMS/telnet-server-krb5-1.3-6.2.100mdk.amd64.rpm
 69534bf0994a5deb8de8af7e6a8db9bd  amd64/10.0/SRPMS/krb5-1.3-6.2.100mdk.src.rpm

 Corporate Server 2.1:
 46c7983a619cc841f08002dc8e7168e5  corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.6.C21mdk.i586.rpm
 5a33a852581bf1513b03e9963e9fb5f1  corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.6.C21mdk.i586.rpm
 5db4ce83f34d89c88dee363f7456a579  corporate/2.1/RPMS/krb5-devel-1.2.5-1.6.C21mdk.i586.rpm
 c973ac1b9a8faf0cc50ab1caaa368650  corporate/2.1/RPMS/krb5-libs-1.2.5-1.6.C21mdk.i586.rpm
 21c88ad82c4c4dcd8273d7be8bdb233c  corporate/2.1/RPMS/krb5-server-1.2.5-1.6.C21mdk.i586.rpm
 be8cf199fd6bcd2a77e134db855cabd8  corporate/2.1/RPMS/krb5-workstation-1.2.5-1.6.C21mdk.i586.rpm
 24e5b09f2539366f3b2263c488c08747  corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.6.C21mdk.i586.rpm
 ba20a57f8ab221b6923d8614990ea632  corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.6.C21mdk.i586.rpm
 3de7ac3dbb7051d43a768c7279fc5ff6  corporate/2.1/SRPMS/krb5-1.2.5-1.6.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 de1460b4ce2c0200016f83dc32318c66  x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.6.C21mdk.x86_64.rpm
 a54663cb122512c71e958b36c0101f6f  x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.6.C21mdk.x86_64.rpm
 d6ae2f8f95fe40b28cb29386028ce691  x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.6.C21mdk.x86_64.rpm
 5b49725cc0937a61696d4209553c63b6  x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.6.C21mdk.x86_64.rpm
 30becf5eba2ee0ad4d90a4511afa7bfa  x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.6.C21mdk.x86_64.rpm
 0f1d037b91fafa087e1d83d6c7c4b06c  x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.6.C21mdk.x86_64.rpm
 650fed145e95b8cbd98458594cc6c644  x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.6.C21mdk.x86_64.rpm
 64da12317074b00acc9d56dce1daedf3  x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.6.C21mdk.x86_64.rpm
 3de7ac3dbb7051d43a768c7279fc5ff6  x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.6.C21mdk.src.rpm

 Mandrakelinux 9.1:
 441f4e7100c5b3f8be81726e53fdf222  9.1/RPMS/ftp-client-krb5-1.2.7-1.3.91mdk.i586.rpm
 d051877320e0ab9c400d466eff9559ba  9.1/RPMS/ftp-server-krb5-1.2.7-1.3.91mdk.i586.rpm
 b32f0cb98b47efd2fb1b04cd130c0854  9.1/RPMS/krb5-devel-1.2.7-1.3.91mdk.i586.rpm
 a2b8deb8fc93b8369ca222a5907478af  9.1/RPMS/krb5-libs-1.2.7-1.3.91mdk.i586.rpm
 c26e07825b09f802d614a22a6faa860f  9.1/RPMS/krb5-server-1.2.7-1.3.91mdk.i586.rpm
 747567def9fe60a96cfd2b2f5be1b1ac  9.1/RPMS/krb5-workstation-1.2.7-1.3.91mdk.i586.rpm
 d0e55eaa93da890ef440b191dee71943  9.1/RPMS/telnet-client-krb5-1.2.7-1.3.91mdk.i586.rpm
 5731acac4bd16d820d7916dd32a5d4d8  9.1/RPMS/telnet-server-krb5-1.2.7-1.3.91mdk.i586.rpm
 9539ee89b7f88a2f845e8414152bb7ca  9.1/SRPMS/krb5-1.2.7-1.3.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 b934cdf4bf7c35c56c2535ca22cae8e2  ppc/9.1/RPMS/ftp-client-krb5-1.2.7-1.3.91mdk.ppc.rpm
 6938f2f92ad903475162c90256108e11  ppc/9.1/RPMS/ftp-server-krb5-1.2.7-1.3.91mdk.ppc.rpm
 744b5d2b55426119118a8809112bfee9  ppc/9.1/RPMS/krb5-devel-1.2.7-1.3.91mdk.ppc.rpm
 5f133f52ae1ed12cbf2535572e532763  ppc/9.1/RPMS/krb5-libs-1.2.7-1.3.91mdk.ppc.rpm
 1cdab319a93b6b2ccab9a8f4f68ac759  ppc/9.1/RPMS/krb5-server-1.2.7-1.3.91mdk.ppc.rpm
 f67d0f0226f79aa18129184e5c5475b4  ppc/9.1/RPMS/krb5-workstation-1.2.7-1.3.91mdk.ppc.rpm
 92a1aec78b8b3986eff4d51cc32885d5  ppc/9.1/RPMS/telnet-client-krb5-1.2.7-1.3.91mdk.ppc.rpm
 c19ce680a739c47e8b46b0da70682470  ppc/9.1/RPMS/telnet-server-krb5-1.2.7-1.3.91mdk.ppc.rpm
 9539ee89b7f88a2f845e8414152bb7ca  ppc/9.1/SRPMS/krb5-1.2.7-1.3.91mdk.src.rpm

 Mandrakelinux 9.2:
 d08f22afc32e753ef0bc90cf604dfdb1  9.2/RPMS/ftp-client-krb5-1.3-3.2.92mdk.i586.rpm
 dc25f20e192c32d3daea4a4f874acb98  9.2/RPMS/ftp-server-krb5-1.3-3.2.92mdk.i586.rpm
 d4561ab2567e7df1f5f1a586a81e8872  9.2/RPMS/krb5-server-1.3-3.2.92mdk.i586.rpm
 0083e0ffa5fe9a9a17c4780fbc026eca  9.2/RPMS/krb5-workstation-1.3-3.2.92mdk.i586.rpm
 b907f745f2f1115290b754dbe503bd3a  9.2/RPMS/libkrb51-1.3-3.2.92mdk.i586.rpm
 09053a957460e7e925b479afaef5e545  9.2/RPMS/libkrb51-devel-1.3-3.2.92mdk.i586.rpm
 b899e55b0ba58b04a1183dcc1d2f0647  9.2/RPMS/telnet-client-krb5-1.3-3.2.92mdk.i586.rpm
 faad683f3bb93d5f41539638046b6f1c  9.2/RPMS/telnet-server-krb5-1.3-3.2.92mdk.i586.rpm
 15ce0a65e3b4d332af84939cf0c85070  9.2/SRPMS/krb5-1.3-3.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 caccd7cf30c0741fbc97be20eb0dc05a  amd64/9.2/RPMS/ftp-client-krb5-1.3-3.2.92mdk.amd64.rpm
 266304d9a8ef682bd923f5f4789d7193  amd64/9.2/RPMS/ftp-server-krb5-1.3-3.2.92mdk.amd64.rpm
 b4610e330c05d44c7c983ba142c77c22  amd64/9.2/RPMS/krb5-server-1.3-3.2.92mdk.amd64.rpm
 0bef84b3a99bea0bdc52c706a296302d  amd64/9.2/RPMS/krb5-workstation-1.3-3.2.92mdk.amd64.rpm
 d396c5ecd4f7833ee7166e0b21d427dd  amd64/9.2/RPMS/lib64krb51-1.3-3.2.92mdk.amd64.rpm
 7c71f2e0bf4eede67d9ac4dfb37b6b68  amd64/9.2/RPMS/lib64krb51-devel-1.3-3.2.92mdk.amd64.rpm
 066bbaaccae6f53a673b34a98c61bc90  amd64/9.2/RPMS/telnet-client-krb5-1.3-3.2.92mdk.amd64.rpm
 dce9c58384b1ff86ede26f5988cfeee6  amd64/9.2/RPMS/telnet-server-krb5-1.3-3.2.92mdk.amd64.rpm
 15ce0a65e3b4d332af84939cf0c85070  amd64/9.2/SRPMS/krb5-1.3-3.2.92mdk.src.rpm

 Multi Network Firewall 8.2:
 36edbd4e81a9588b97370ad7d1b85cc3  mnf8.2/RPMS/krb5-libs-1.2.2-17.7.M82mdk.i586.rpm
 8954be36c82d2bd6066cb9ab451d9a32  mnf8.2/SRPMS/krb5-1.2.2-17.7.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification  of md5 checksums 
and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security.  You can obtain  the GPG public key 
of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAx2yxmqjQ0CJFipgRAtWlAKC+4uLzIpxmefr2bkfoX7QkRlCNcQCfXC5l
80XFTgn+qCeQs+EOauO6jOU=
=LEdI
- -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandrakesoft for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQM2xY4pao72zK539AQH1CgP/UUQlLSm3xZ0fdWvH39WsLgZWgSH+RR6L
7bQLsMi8bTm3bS1bRPYKHHDJS/11JnaVIN7Ity62u/4NXaf7BxDlbLJlrSAbzr+g
+Nq1nF6YGNntW2+hlUMCinN/CGwmXrz5l0vIIPHnYrdX1dIzHU8TBkPeqGYRYnAg
SRPG8ENlV1s=
=fx0H
-----END PGP SIGNATURE-----