MDKSA-2003:043-1
- Package name
- krb5
- Date
- 2003-04-03
- Advisory ID
- MDKSA-2003:043-1
- Affected versions
- 9.1 i586, 9.1 i586
Problem description
Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows.

An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a crash of the server via a large unsigned data element length, which is later used as a negative value (CAN-2002-0036). Mandrake Linux 9.0+ is not affected by this problem.

Vulnerabilities have been found in the RPC library used by the kadmin service. A faulty length check in the RPC library exposes kadmind to an integer overflow which can be used to crash kadmind (CAN-2003-0028).

The KDC (Key Distribution Center) before version 1.2.5 allows remote, authenticated attackers to cause a crash on KDCs within the same realm using a certain protocol that causes a null dereference (CAN-2003-0058). Mandrake Linux 9.0+ is not affected by this problem.

Users from one realm can impersonate users in other realms that have the same inter-realm keys due to a vulnerability in Kerberos 1.2.3 and earlier (CAN-2003-0059). Mandrake Linux 9.0+ is not affected by this problem.

The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (CAN-2003-0072).

The KDC allows remote, authenticated users to cause a crash on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (CAN-2003-0082).

Vulnerabilities have been discovered in the Kerberos IV authentication protocol which allow an attacker with knowledge of a cross-realm key, which is shared in another realm, to impersonate a principal in that realm to any service in that realm. This vulnerability can only be closed by disabling cross-realm authentication in Kerberos IV (CAN-2003-0138).

Vulnerabilities have been discovered in the support for triple-DES keys in the Kerberos IV authentication protocol which is included in MIT Kerberos (CAN-2003-0139).

MandrakeSoft encourages all users to upgrade immediately to these updated packages, which contain patches to correct all of the previously noted vulnerabilities. These packages also disable Kerberos IV cross-realm authentication by default.

Update: The packages for Mandrake Linux 9.1 and 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.
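The integer signedness error described above for the ASN.1 decoder (CAN-2002-0036) is a length that is read as unsigned and later treated as signed. The following is an added illustration of that bug class and of the check that closes it, not code from MIT Kerberos or from this advisory; the function names `der_len`, `accepts_flawed` and `accepts_checked` and the sample byte strings are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: OCTET STRING (tag 0x04) carrying one content byte. */
static const uint8_t sample_ok[]   = {0x04, 0x01, 0x41};
/* Same element, but the long-form length claims 0xFFFFFFFF bytes. */
static const uint8_t sample_huge[] = {0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 0x41};

/* Parse a DER length at b[*pos] into an unsigned value; -1 if malformed. */
static int der_len(const uint8_t *b, size_t n, size_t *pos, uint32_t *out)
{
    if (*pos >= n) return -1;
    uint8_t first = b[(*pos)++];
    if (first < 0x80) { *out = first; return 0; }   /* short form */
    size_t k = first & 0x7f;                        /* long form: k octets */
    if (k == 0 || k > 4 || k > n - *pos) return -1;
    uint32_t v = 0;
    while (k--) v = (v << 8) | b[(*pos)++];
    *out = v;
    return 0;
}

/* Flawed pattern: the length is narrowed to int, so values above INT_MAX
 * turn negative (on two's-complement targets) and pass the bounds test. */
int accepts_flawed(const uint8_t *buf, size_t buflen)
{
    size_t pos = 1;                                 /* skip the tag octet */
    uint32_t ulen;
    if (buflen < 2 || der_len(buf, buflen, &pos, &ulen)) return 0;
    int len = (int)ulen;
    int remaining = (int)(buflen - pos);
    return len <= remaining;                        /* -1 <= 1 is true */
}

/* Checked pattern: keep the length unsigned, compare with what is left. */
int accepts_checked(const uint8_t *buf, size_t buflen)
{
    size_t pos = 1;
    uint32_t ulen;
    if (buflen < 2 || der_len(buf, buflen, &pos, &ulen)) return 0;
    return ulen <= buflen - pos;
}

int main(void)
{
    printf("ok:   flawed=%d checked=%d\n", accepts_flawed(sample_ok, sizeof sample_ok), accepts_checked(sample_ok, sizeof sample_ok));
    printf("huge: flawed=%d checked=%d\n", accepts_flawed(sample_huge, sizeof sample_huge), accepts_checked(sample_huge, sizeof sample_huge));
    return 0;
}
```

Both functions accept the well-formed element; only the checked version rejects the element whose declared length exceeds the bytes actually present.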
Updated packages
9.1 i586
- dead011c5b9fcff8dccef79ae9584d4d ppc/9.1/RPMS/ftp-client-krb5-1.2.7-1.1mdk.ppc.rpm
- 8a6960bcfc54df727be98283fe984de7 ppc/9.1/RPMS/ftp-server-krb5-1.2.7-1.1mdk.ppc.rpm
- d56571ffa654d314b704bc777373da3a ppc/9.1/RPMS/krb5-devel-1.2.7-1.1mdk.ppc.rpm
- 4072ba264aef71ddb37d7f1284e42c80 ppc/9.1/RPMS/krb5-libs-1.2.7-1.1mdk.ppc.rpm
- 100923fc7597e018e25e6b4dc9433dd6 ppc/9.1/RPMS/krb5-server-1.2.7-1.1mdk.ppc.rpm
- b1452027bd5b71fc523bdce2c29cccfd ppc/9.1/RPMS/krb5-workstation-1.2.7-1.1mdk.ppc.rpm
- ad05b9eb1b2010f650ae433e46e717bd ppc/9.1/RPMS/telnet-client-krb5-1.2.7-1.1mdk.ppc.rpm
- fd4abfb72135d3baba64927d432b863f ppc/9.1/RPMS/telnet-server-krb5-1.2.7-1.1mdk.ppc.rpm
- 3767fc890e9bb238de9e86a4a954e51f ppc/9.1/SRPMS/krb5-1.2.7-1.1mdk.src.rpm
9.1 i586
- 43e10186ecad8f489b4718ba3a508f0e 9.1/RPMS/ftp-client-krb5-1.2.7-1.1mdk.i586.rpm
- 2560a129ff724a914540af2c6869770b 9.1/RPMS/ftp-server-krb5-1.2.7-1.1mdk.i586.rpm
- 08f474f1d6d538412c7eb28fb3a340f0 9.1/RPMS/krb5-devel-1.2.7-1.1mdk.i586.rpm
- 31e72fb15daaf204659937afe095591a 9.1/RPMS/krb5-libs-1.2.7-1.1mdk.i586.rpm
- 3e60cb85aa33538d0b023b4204546db0 9.1/RPMS/krb5-server-1.2.7-1.1mdk.i586.rpm
- c772a662c64fe7b340876fe7c488189a 9.1/RPMS/krb5-workstation-1.2.7-1.1mdk.i586.rpm
- eee1a0c0e530850c917414b0d5a68204 9.1/RPMS/telnet-client-krb5-1.2.7-1.1mdk.i586.rpm
- e185249303aefd2d5d098f8b22f2b6fa 9.1/RPMS/telnet-server-krb5-1.2.7-1.1mdk.i586.rpm
- 3767fc890e9bb238de9e86a4a954e51f 9.1/SRPMS/krb5-1.2.7-1.1mdk.src.rpm
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0036
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0028
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0058
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0059
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0072
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0082
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0138
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0139
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
