MDKSA-2007:008

Package name

krb5

Date

2007-01-10

Advisory ID

MDKSA-2007:008

Affected versions

2006.0 i586 , 2007.0 x86_64 , 2007.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2006.0 x86_64

Problem description

A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used
in the kadmind administration daemon calls an uninitialized function
pointer in freed memory, which could allow a remote attacker to cause a
Denial of Service and possibly execute arbitrary code via unspecified
vectors.

Updated packages are patched to address this issue.

Updated packages

2006.0 i586

 a60e03243b204a7b0281d32aff6c7877  2006.0/i586/ftp-client-krb5-1.4.2-1.2.20060mdk.i586.rpm
 98552d247f0bd6231310715dd1fbb4a4  2006.0/i586/ftp-server-krb5-1.4.2-1.2.20060mdk.i586.rpm
 50eff45fd46afd3e04147cbd98fa99cd  2006.0/i586/krb5-server-1.4.2-1.2.20060mdk.i586.rpm
 58b570956596827c6c83db43b3b6ec4d  2006.0/i586/krb5-workstation-1.4.2-1.2.20060mdk.i586.rpm
 63f2980118e016c51bb8707d6f32eec5  2006.0/i586/libkrb53-1.4.2-1.2.20060mdk.i586.rpm
 362a93222614d35ea479318701695b9a  2006.0/i586/libkrb53-devel-1.4.2-1.2.20060mdk.i586.rpm
 19336d7d0cbc13f337b6d883e19c90c0  2006.0/i586/telnet-client-krb5-1.4.2-1.2.20060mdk.i586.rpm
 474a525a042f18b8f20c1353d34f4d94  2006.0/i586/telnet-server-krb5-1.4.2-1.2.20060mdk.i586.rpm 
 4e9722344646e273932c56b85edb747d  2006.0/SRPMS/krb5-1.4.2-1.2.20060mdk.src.rpm

2007.0 x86_64

 9e8a87605787eb574739756f86f00183  2007.0/x86_64/ftp-client-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
 0ed4b823492d3d69947610f9b95cd44a  2007.0/x86_64/ftp-server-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
 4cfa5d7da28f635c4ddb390f16f2dd32  2007.0/x86_64/krb5-server-1.4.3-6.1mdv2007.0.x86_64.rpm
 1546df114a3c250d7c2cf01a10daa6fc  2007.0/x86_64/krb5-workstation-1.4.3-6.1mdv2007.0.x86_64.rpm
 13b45d5e3efbc4d5ef0025ef3eb73cd3  2007.0/x86_64/lib64krb53-1.4.3-6.1mdv2007.0.x86_64.rpm
 5b1a6627c0ce7cfa165f0a594b031a3b  2007.0/x86_64/lib64krb53-devel-1.4.3-6.1mdv2007.0.x86_64.rpm
 18aedb28ddfc99096925047b21a7bd2c  2007.0/x86_64/telnet-client-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
 cc35d21b8c920f9379b6e0868dec98fd  2007.0/x86_64/telnet-server-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm 
 8b18bbe4f22325dd4ee5a99eef7e32dd  2007.0/SRPMS/krb5-1.4.3-6.1mdv2007.0.src.rpm

2007.0 i586

 a4d1443d510f1fef80ae2716f4c669ac  2007.0/i586/ftp-client-krb5-1.4.3-6.1mdv2007.0.i586.rpm
 6ad2482bea8be0953e8804e17b5f6be6  2007.0/i586/ftp-server-krb5-1.4.3-6.1mdv2007.0.i586.rpm
 0bdec1016065a8bb04089edd69dcaf67  2007.0/i586/krb5-server-1.4.3-6.1mdv2007.0.i586.rpm
 c51cb207bf1d7adcb7e73ca236247e60  2007.0/i586/krb5-workstation-1.4.3-6.1mdv2007.0.i586.rpm
 f49d9636ec2ee3be4160f004c9987407  2007.0/i586/libkrb53-1.4.3-6.1mdv2007.0.i586.rpm
 186959cc727e6542a413e18e6606fb0e  2007.0/i586/libkrb53-devel-1.4.3-6.1mdv2007.0.i586.rpm
 327c7461f838c7a4ca9f23500d0581ff  2007.0/i586/telnet-client-krb5-1.4.3-6.1mdv2007.0.i586.rpm
 36c8eae2a02a09d2b93aa00518e0b879  2007.0/i586/telnet-server-krb5-1.4.3-6.1mdv2007.0.i586.rpm 
 8b18bbe4f22325dd4ee5a99eef7e32dd  2007.0/SRPMS/krb5-1.4.3-6.1mdv2007.0.src.rpm

CS4.0 i586

 ddc1741afd0fabd609587f8006f9a1ea  corporate/4.0/i586/ftp-client-krb5-1.4.3-5.1.20060mlcs4.i586.rpm
 2a5b69d4febcc3c3431a812c04a882d7  corporate/4.0/i586/ftp-server-krb5-1.4.3-5.1.20060mlcs4.i586.rpm
 6d1ed5b8ac4bb3ddc0855501eef24baf  corporate/4.0/i586/krb5-server-1.4.3-5.1.20060mlcs4.i586.rpm
 c5d87ffc5d7c09acb2b9915447fa6f5b  corporate/4.0/i586/krb5-workstation-1.4.3-5.1.20060mlcs4.i586.rpm
 139ba7efec113d4bf8cf052daee30694  corporate/4.0/i586/libkrb53-1.4.3-5.1.20060mlcs4.i586.rpm
 202c1536fbec4a847cee0f84b037c882  corporate/4.0/i586/libkrb53-devel-1.4.3-5.1.20060mlcs4.i586.rpm
 0066928b2dccd73cda873b156d787488  corporate/4.0/i586/telnet-client-krb5-1.4.3-5.1.20060mlcs4.i586.rpm
 bc7d767c2521955910621311a52f8dc5  corporate/4.0/i586/telnet-server-krb5-1.4.3-5.1.20060mlcs4.i586.rpm 
 079d5b68cd5c33a1d3dcd31c37be59b7  corporate/4.0/SRPMS/krb5-1.4.3-5.1.20060mlcs4.src.rpm

CS4.0 x86_64

 c7b2c83ca051117c72daaa864930dc4f  corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.1.20060mlcs4.x86_64.rpm
 76da52f8afb94def7cf7ce7aaed54737  corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.1.20060mlcs4.x86_64.rpm
 b1728594817b87985cb5ceb8bbd2cc56  corporate/4.0/x86_64/krb5-server-1.4.3-5.1.20060mlcs4.x86_64.rpm
 5bef7e859d36c1d9c84606ad988c30e5  corporate/4.0/x86_64/krb5-workstation-1.4.3-5.1.20060mlcs4.x86_64.rpm
 6a535d673befe0bfb79889b772382f1f  corporate/4.0/x86_64/lib64krb53-1.4.3-5.1.20060mlcs4.x86_64.rpm
 3da23da5792fba1bf65cbd56eb91dead  corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.1.20060mlcs4.x86_64.rpm
 1eaf0cd620c4c5e3685f6dc2242c191f  corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.1.20060mlcs4.x86_64.rpm
 a0676ac080ced1911ffed68055afac3e  corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.1.20060mlcs4.x86_64.rpm 
 079d5b68cd5c33a1d3dcd31c37be59b7  corporate/4.0/SRPMS/krb5-1.4.3-5.1.20060mlcs4.src.rpm

2006.0 x86_64

 f3c2542c797907b053505c229aabb7bc  2006.0/x86_64/ftp-client-krb5-1.4.2-1.2.20060mdk.x86_64.rpm
 478f693737b4aeb347c143c768d311aa  2006.0/x86_64/ftp-server-krb5-1.4.2-1.2.20060mdk.x86_64.rpm
 be81c7a72bf4c58888f87b8e1de6138e  2006.0/x86_64/krb5-server-1.4.2-1.2.20060mdk.x86_64.rpm
 f257c6013dcc018fd888e99ebd1979e9  2006.0/x86_64/krb5-workstation-1.4.2-1.2.20060mdk.x86_64.rpm
 2caec1d3046bc492c5fff8acea793d6b  2006.0/x86_64/lib64krb53-1.4.2-1.2.20060mdk.x86_64.rpm
 e42da64bf42609db45cfcf870c86e38c  2006.0/x86_64/lib64krb53-devel-1.4.2-1.2.20060mdk.x86_64.rpm
 119e125072bda0a478d0fc6f599c65d1  2006.0/x86_64/telnet-client-krb5-1.4.2-1.2.20060mdk.x86_64.rpm
 8d14872dd37351092def43f732ad91d9  2006.0/x86_64/telnet-server-krb5-1.4.2-1.2.20060mdk.x86_64.rpm 
 4e9722344646e273932c56b85edb747d  2006.0/SRPMS/krb5-1.4.2-1.2.20060mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143
• http://www.cert.org/advisories/481564
• http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt