Package name
krb5
Date
2010-10-13
Advisory ID
MDVSA-2010:202
Affected versions
2010.1 i586 , 2010.1 x86_64

Problem description

A vulnerability was discovered and corrected in krb5:

The merge_authdata function in kdc_authdata.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does
not properly manage an index into an authorization-data list, which
allows remote attackers to cause a denial of service (daemon crash),
or possibly obtain sensitive information, spoof authorization,
or execute arbitrary code, via a TGS request, as demonstrated by a
request from a Windows Active Directory client (CVE-2010-1322).

The updated packages have been patched to correct this issue.

Updated packages

2010.1 i586

 81157bb37d800ecb35da0a3ecc28c1ff  2010.1/i586/krb5-1.8.1-5.1mdv2010.1.i586.rpm
 8c2a9907b8cefff497d7a447216d9c7b  2010.1/i586/krb5-pkinit-openssl-1.8.1-5.1mdv2010.1.i586.rpm
 346919eefb3a68b47b397a70c3d8f3e0  2010.1/i586/krb5-server-1.8.1-5.1mdv2010.1.i586.rpm
 11ee424abe5dcfa9ad6de59538230b22  2010.1/i586/krb5-server-ldap-1.8.1-5.1mdv2010.1.i586.rpm
 2ae5ec22543e8a85578537849270304a  2010.1/i586/krb5-workstation-1.8.1-5.1mdv2010.1.i586.rpm
 d239595276e0a51232d5e0b4a1250840  2010.1/i586/libkrb53-1.8.1-5.1mdv2010.1.i586.rpm
 7cd0a63672f796106e34841bd52e1734  2010.1/i586/libkrb53-devel-1.8.1-5.1mdv2010.1.i586.rpm 
 1525493d2bcea9a8ec304fad469ea7d7  2010.1/SRPMS/krb5-1.8.1-5.1mdv2010.1.src.rpm

2010.1 x86_64

 46b6f7ef2ea6b6ecb1d0681204ec6588  2010.1/x86_64/krb5-1.8.1-5.1mdv2010.1.x86_64.rpm
 ad909fb0cf4fb2943f427ca7eebf0fa3  2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.1mdv2010.1.x86_64.rpm
 33321047b0ce237f6c1f89a34c0996b0  2010.1/x86_64/krb5-server-1.8.1-5.1mdv2010.1.x86_64.rpm
 019440fece4e6c003e2eb1f0a23de033  2010.1/x86_64/krb5-server-ldap-1.8.1-5.1mdv2010.1.x86_64.rpm
 a8584fa57d9f9d69a8d8e42b570e5033  2010.1/x86_64/krb5-workstation-1.8.1-5.1mdv2010.1.x86_64.rpm
 e9568cee380a47ac9b5eec15747f3e4b  2010.1/x86_64/lib64krb53-1.8.1-5.1mdv2010.1.x86_64.rpm
 d1c6d2772b8218da83681a3aee8a86eb  2010.1/x86_64/lib64krb53-devel-1.8.1-5.1mdv2010.1.x86_64.rpm 
 1525493d2bcea9a8ec304fad469ea7d7  2010.1/SRPMS/krb5-1.8.1-5.1mdv2010.1.src.rpm

References