MDVSA-2009:098-1

Package name

krb5

Date

2009-12-08

Advisory ID

MDVSA-2009:098-1

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in krb5:

The get_input_token function in the SPNEGO implementation in MIT
Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to
cause a denial of service (daemon crash) and possibly obtain sensitive
information via a crafted length value that triggers a buffer over-read
(CVE-2009-0844).

The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5
through 1.6.3, when SPNEGO is used, allows remote attackers to cause
a denial of service (NULL pointer dereference and daemon crash) via
invalid ContextFlags data in the reqFlags field in a negTokenInit token
(CVE-2009-0845).

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in
the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before
1.6.4 allows remote attackers to cause a denial of service (daemon
crash) or possibly execute arbitrary code via vectors involving an
invalid DER encoding that triggers a free of an uninitialized pointer
(CVE-2009-0846).

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
(aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
cause a denial of service (application crash) via a crafted length
value that triggers an erroneous malloc call, related to incorrect
calculations with pointer arithmetic (CVE-2009-0847).

The updated packages have been patched to correct these issues.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 76c92a66601230990ff6281c42067749  2008.0/i586/ftp-client-krb5-1.6.2-7.3mdv2008.0.i586.rpm
 218e4da0c92e594074dc3fbcd27cb3d7  2008.0/i586/ftp-server-krb5-1.6.2-7.3mdv2008.0.i586.rpm
 1051b34f188f5a2606d9ab8a1f126670  2008.0/i586/krb5-1.6.2-7.3mdv2008.0.i586.rpm
 c221a8252b9fd218a813c6a0bff93d6f  2008.0/i586/krb5-server-1.6.2-7.3mdv2008.0.i586.rpm
 7a247e309408dd0b71359f39caf1b7f6  2008.0/i586/krb5-workstation-1.6.2-7.3mdv2008.0.i586.rpm
 a97f9c43d1eefab82742884db15d5bbc  2008.0/i586/libkrb53-1.6.2-7.3mdv2008.0.i586.rpm
 27dd46df53ff045324a034d0ca82d49c  2008.0/i586/libkrb53-devel-1.6.2-7.3mdv2008.0.i586.rpm
 431452767e975eb64cc6cd247063d37c  2008.0/i586/telnet-client-krb5-1.6.2-7.3mdv2008.0.i586.rpm
 aaba3becaf596303a3c13971791c2754  2008.0/i586/telnet-server-krb5-1.6.2-7.3mdv2008.0.i586.rpm 
 53c1386ea4b5df817c291036c0b87c87  2008.0/SRPMS/krb5-1.6.2-7.3mdv2008.0.src.rpm

2008.0 x86_64

 e2f5fe97c5378b7289f82e91bdd6bddd  2008.0/x86_64/ftp-client-krb5-1.6.2-7.3mdv2008.0.x86_64.rpm
 a08df3ac4dca4acdf206319a3719fbdd  2008.0/x86_64/ftp-server-krb5-1.6.2-7.3mdv2008.0.x86_64.rpm
 885d1a0531dfb0cf76caa7c4ff3fe18e  2008.0/x86_64/krb5-1.6.2-7.3mdv2008.0.x86_64.rpm
 039ee08d160d7e69d08bada9094b97a3  2008.0/x86_64/krb5-server-1.6.2-7.3mdv2008.0.x86_64.rpm
 9b38bbdf14e5497210fc089f557e95e1  2008.0/x86_64/krb5-workstation-1.6.2-7.3mdv2008.0.x86_64.rpm
 a0c7e0644a2003de2c0b9c9950732aa4  2008.0/x86_64/lib64krb53-1.6.2-7.3mdv2008.0.x86_64.rpm
 5ba2c89f29763d83566c6fef282b739b  2008.0/x86_64/lib64krb53-devel-1.6.2-7.3mdv2008.0.x86_64.rpm
 ecda67b1be41c463bef90354ded0915f  2008.0/x86_64/telnet-client-krb5-1.6.2-7.3mdv2008.0.x86_64.rpm
 500a7f81e1be11f4b5100f231035e819  2008.0/x86_64/telnet-server-krb5-1.6.2-7.3mdv2008.0.x86_64.rpm 
 53c1386ea4b5df817c291036c0b87c87  2008.0/SRPMS/krb5-1.6.2-7.3mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844