Paketname
krb5
Datum
2004-08-31
Advisory ID
MDKSA-2004:088
Betroffene Versionen
9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , CS2.1 i586 , 10.0 i586 , 9.2 i586 , 9.1 i586 , MNF8.2 i586 , 9.1 i586

Problembeschreibung

A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers vulnerable. The MIT Kerberos 5 development team believes that exploitation of these bugs would be difficult and no known vulnerabilities are believed to exist. The vulnerability in krb524d was discovered by Marc Horowitz; the other double-free vulnerabilities were discovered by Will Fiveash and Nico Williams at Sun. Will Fiveash and Nico Williams also found another vulnerability in the ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of Service) attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. The MIT Kerberos 5 team has provided patches which have been applied to the updated software to fix these issues. Mandrakesoft encourages all users to upgrade immediately.

Aktualisierte Pakete

9.2 amd64

 cb418490002d5bfc9a063a35e04e4b06  amd64/9.2/RPMS/ftp-client-krb5-1.3-3.3.92mdk.amd64.rpm
6eb46b17f7d259196837767edaf0362e  amd64/9.2/RPMS/ftp-server-krb5-1.3-3.3.92mdk.amd64.rpm
bfec6312e1bfe7df0af348238ffb3e54  amd64/9.2/RPMS/krb5-server-1.3-3.3.92mdk.amd64.rpm
8db31b019fed08e22731bcc42528b883  amd64/9.2/RPMS/krb5-workstation-1.3-3.3.92mdk.amd64.rpm
7d167edd4f1586679651851964ce90ea  amd64/9.2/RPMS/lib64krb51-1.3-3.3.92mdk.amd64.rpm
e16b452c492c3b38b47e5f7ac29ccb51  amd64/9.2/RPMS/lib64krb51-devel-1.3-3.3.92mdk.amd64.rpm
46e3c90ed9654d144f4c1970857abc44  amd64/9.2/RPMS/telnet-client-krb5-1.3-3.3.92mdk.amd64.rpm
e6ba681247da6ff006841be52ec974d1  amd64/9.2/RPMS/telnet-server-krb5-1.3-3.3.92mdk.amd64.rpm
8799df57f8078659c7942a18da4f180b  amd64/9.2/SRPMS/krb5-1.3-3.3.92mdk.src.rpm

CS2.1 x86_64

 7cc0c84ac6d19ed0d5ce75409aaf5c32  x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.7.C21mdk.x86_64.rpm
2f78604bcb5826934d18761973861c43  x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.7.C21mdk.x86_64.rpm
92f08007a0f82334b7510aa51b2462a8  x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.7.C21mdk.x86_64.rpm
812e14a4be8fc9da8c4b8d1796e91537  x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.7.C21mdk.x86_64.rpm
ddbf43767fe84596fd841208e4f52411  x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.7.C21mdk.x86_64.rpm
8dd02b95a90960233afc8dcd40d1d057  x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.7.C21mdk.x86_64.rpm
70dd009c061b6124d49d91464c10d7ea  x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.7.C21mdk.x86_64.rpm
7d5721b36c4d5df068c60eee73742c8a  x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.7.C21mdk.x86_64.rpm
9447bb1a7e7520fcde4ebfc33ab72d6e  x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.7.C21mdk.src.rpm

10.0 amd64

 2af868662b6264e92be5db61ab15d556  amd64/10.0/RPMS/ftp-client-krb5-1.3-6.3.100mdk.amd64.rpm
31bf307767c05eae0ac91a417b8bc1f9  amd64/10.0/RPMS/ftp-server-krb5-1.3-6.3.100mdk.amd64.rpm
319c35d89dddb94c6c5a70d407e466df  amd64/10.0/RPMS/krb5-server-1.3-6.3.100mdk.amd64.rpm
080f4241e3b5029ca271491de7fb82c0  amd64/10.0/RPMS/krb5-workstation-1.3-6.3.100mdk.amd64.rpm
dfdff0b6b8e67292226c72abdec54e02  amd64/10.0/RPMS/lib64krb51-1.3-6.3.100mdk.amd64.rpm
155f76064f777a5f2d912ff18b1f0303  amd64/10.0/RPMS/lib64krb51-devel-1.3-6.3.100mdk.amd64.rpm
d20e6f4e4eb501f05d9e6af488add5a9  amd64/10.0/RPMS/telnet-client-krb5-1.3-6.3.100mdk.amd64.rpm
ed5c9891c82e49b28572e7df936f6493  amd64/10.0/RPMS/telnet-server-krb5-1.3-6.3.100mdk.amd64.rpm
f3aaaf216f7a850eaf8cb598a20ffc10  amd64/10.0/SRPMS/krb5-1.3-6.3.100mdk.src.rpm

CS2.1 i586

 9d22863c6d09a174166e708b7c6ba939  corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.7.C21mdk.i586.rpm
84cebdea8971d8248f93f3082fb0fe31  corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.7.C21mdk.i586.rpm
41588cb74622aae52f110ac9d15041cb  corporate/2.1/RPMS/krb5-devel-1.2.5-1.7.C21mdk.i586.rpm
a0c447a980bbe4690af8bf5cb1676a5c  corporate/2.1/RPMS/krb5-libs-1.2.5-1.7.C21mdk.i586.rpm
36d8acaa6d56802ae6c85d62e29ed60f  corporate/2.1/RPMS/krb5-server-1.2.5-1.7.C21mdk.i586.rpm
05c39800a5b323e82f670398c77fff08  corporate/2.1/RPMS/krb5-workstation-1.2.5-1.7.C21mdk.i586.rpm
1cd56fccbfa1412f5fb90c0bbcc4647f  corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.7.C21mdk.i586.rpm
d716bf6b8fd8836203dac119db0ee0b4  corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.7.C21mdk.i586.rpm
9447bb1a7e7520fcde4ebfc33ab72d6e  corporate/2.1/SRPMS/krb5-1.2.5-1.7.C21mdk.src.rpm

10.0 i586

 73bb98eb62d434558f17831600fb1458  10.0/RPMS/ftp-client-krb5-1.3-6.3.100mdk.i586.rpm
c478483ce848d59f3f3cf392fbc1eb4b  10.0/RPMS/ftp-server-krb5-1.3-6.3.100mdk.i586.rpm
9e373a4d304f7c6158769f7703a76b01  10.0/RPMS/krb5-server-1.3-6.3.100mdk.i586.rpm
c3ec5f6e266efe0df3dea9edcf801358  10.0/RPMS/krb5-workstation-1.3-6.3.100mdk.i586.rpm
34951f4e03deff6e11025f1955035ae0  10.0/RPMS/libkrb51-1.3-6.3.100mdk.i586.rpm
2e1e16e24bcbbed0c6b9b3cd46eca10c  10.0/RPMS/libkrb51-devel-1.3-6.3.100mdk.i586.rpm
b8201603630be58a4fa7facb91c7f154  10.0/RPMS/telnet-client-krb5-1.3-6.3.100mdk.i586.rpm
666908b4dea44b25838965b02f00c1dd  10.0/RPMS/telnet-server-krb5-1.3-6.3.100mdk.i586.rpm
f3aaaf216f7a850eaf8cb598a20ffc10  10.0/SRPMS/krb5-1.3-6.3.100mdk.src.rpm

9.2 i586

 90415502d5a62a79594f5fef4244e7c8  9.2/RPMS/ftp-client-krb5-1.3-3.3.92mdk.i586.rpm
7d82c32903319720fba066204ab175e1  9.2/RPMS/ftp-server-krb5-1.3-3.3.92mdk.i586.rpm
b1ddf3c172f89fb13fa0f786969ccc31  9.2/RPMS/krb5-server-1.3-3.3.92mdk.i586.rpm
40acba56c3e11c475e31de3a1bae0cb5  9.2/RPMS/krb5-workstation-1.3-3.3.92mdk.i586.rpm
cfd5554e669ef905f74594bcba6ccf4c  9.2/RPMS/libkrb51-1.3-3.3.92mdk.i586.rpm
5ea52458e2d00aa6a300aaa5a50ca389  9.2/RPMS/libkrb51-devel-1.3-3.3.92mdk.i586.rpm
6c081822fb10635aa6794e9930b3a2ea  9.2/RPMS/telnet-client-krb5-1.3-3.3.92mdk.i586.rpm
2a41c73fa2475981a944062984a2dd2d  9.2/RPMS/telnet-server-krb5-1.3-3.3.92mdk.i586.rpm
8799df57f8078659c7942a18da4f180b  9.2/SRPMS/krb5-1.3-3.3.92mdk.src.rpm

9.1 i586

 097a2e12350a3ade31fae4c932d19e07  9.1/RPMS/ftp-client-krb5-1.2.7-1.4.91mdk.i586.rpm
2c633d7c508d76965cd3810dc031a4db  9.1/RPMS/ftp-server-krb5-1.2.7-1.4.91mdk.i586.rpm
76f2c05668511a7f4ba91bdc386ef4fe  9.1/RPMS/krb5-devel-1.2.7-1.4.91mdk.i586.rpm
9d40edf481b4f422428f85ff74dbc74c  9.1/RPMS/krb5-libs-1.2.7-1.4.91mdk.i586.rpm
ca64ff3f58567d44e15289ef74616f53  9.1/RPMS/krb5-server-1.2.7-1.4.91mdk.i586.rpm
98b098ebc6458fbee8a4f8f8931cbb03  9.1/RPMS/krb5-workstation-1.2.7-1.4.91mdk.i586.rpm
5166992c03e97b9fa55609271747b2ae  9.1/RPMS/telnet-client-krb5-1.2.7-1.4.91mdk.i586.rpm
59a9763e113ad2f319c826b8e13762d0  9.1/RPMS/telnet-server-krb5-1.2.7-1.4.91mdk.i586.rpm
6c62e73e872133b51287c902d15511b1  9.1/SRPMS/krb5-1.2.7-1.4.91mdk.src.rpm

MNF8.2 i586

 e8fb8405db0a463f4f83bad54064770f  mnf8.2/RPMS/krb5-libs-1.2.2-17.8.M82mdk.i586.rpm
da83d39d128b15e4ed7c5311c3753ce4  mnf8.2/SRPMS/krb5-1.2.2-17.8.M82mdk.src.rpm

9.1 i586

 7105c4249b38453bc5fabf2ebe19b870  ppc/9.1/RPMS/ftp-client-krb5-1.2.7-1.4.91mdk.ppc.rpm
5b8bdffbdd3cc36b7763a9fb380e366f  ppc/9.1/RPMS/ftp-server-krb5-1.2.7-1.4.91mdk.ppc.rpm
d516817207e2773b33cb823d913e04c3  ppc/9.1/RPMS/krb5-devel-1.2.7-1.4.91mdk.ppc.rpm
32fa10923b950f4a125e2228ad7cabca  ppc/9.1/RPMS/krb5-libs-1.2.7-1.4.91mdk.ppc.rpm
6da80b652767d48a9305448470151229  ppc/9.1/RPMS/krb5-server-1.2.7-1.4.91mdk.ppc.rpm
1f7e604cf9a7e305facd53542c3e15df  ppc/9.1/RPMS/krb5-workstation-1.2.7-1.4.91mdk.ppc.rpm
b9dee2c91cd387e0d6e062a1ccc00662  ppc/9.1/RPMS/telnet-client-krb5-1.2.7-1.4.91mdk.ppc.rpm
fb648e078c85433de7f9ac7ef90709dc  ppc/9.1/RPMS/telnet-server-krb5-1.2.7-1.4.91mdk.ppc.rpm
6c62e73e872133b51287c902d15511b1  ppc/9.1/SRPMS/krb5-1.2.7-1.4.91mdk.src.rpm

Referenzen