MDKSA-2005:119
- Package name
- krb5
- Date
- 2005-07-13
- Advisory ID
- MDKSA-2005:119
- Affected versions
- MNF2.0 i586, 10.2 x86_64, CS2.1 x86_64, 10.0 amd64, 10.2 i586, 10.1 i586, 10.0 i586, CS3.0 x86_64, CS3.0 i586, CS2.1 i586, 10.1 x86_64
Problem description
A number of vulnerabilities have been corrected in this Kerberos update:

The rcp protocol would allow a server to instruct a client to write to arbitrary files outside of the current directory. The Kerberos-aware rcp could be abused to copy files from a malicious server (CAN-2004-0175).

Gael Delalleau discovered an information disclosure vulnerability in the way some telnet clients handled messages from a server. This could be abused by a malicious telnet server to collect information from the environment of any victim connecting to the server using the Kerberos-aware telnet client (CAN-2005-0488).

Daniel Wachdorf discovered that in error conditions that could occur in response to correctly-formatted client requests, the Kerberos 5 KDC may attempt to free uninitialized memory, which could cause the KDC to crash, resulting in a Denial of Service (CAN-2005-1174).

Daniel Wachdorf also discovered a single-byte heap overflow in the krb5_unparse_name() function that could, if successfully exploited, lead to a crash, resulting in a DoS. To trigger this flaw, an attacker would need to have control of a Kerberos realm that shares a cross-realm key with the target (CAN-2005-1175).

Finally, a double-free flaw was discovered in the krb5_recvauth() routine which could be triggered by a remote unauthenticated attacker. This issue could potentially be exploited to allow for the execution of arbitrary code on a KDC. No exploit is currently known to exist (CAN-2005-1689).

The updated packages have been patched to address these issues and Mandriva urges all users to upgrade to these packages as quickly as possible.
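The rcp issue above (CAN-2004-0175) comes down to a client trusting file names chosen by the server. The following is an added example, not code from this advisory or from the Mandriva or MIT patches, of a client-side check that accepts only names that stay inside the target directory. The `C<mode> <size> <name>` record layout is the usual rcp sink format and is assumed here, and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A name received from the remote side must be one path component that
 * stays inside the directory the user chose as the copy target. */
static int safe_component(const char *name)
{
    return name[0] != '\0' && strchr(name, '/') == NULL &&
           strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Parse one control record: "C<mode> <size> <name>\n" (file) or "D..." (dir).
 * Returns 0 and fills the outputs, or -1 if malformed or the name is unsafe. */
int parse_sink_record(const char *rec, unsigned *mode, long *size,
                      char *name, size_t namelen)
{
    char *end; size_t n;
    unsigned long m; long sz;
    if ((rec[0] != 'C' && rec[0] != 'D') || rec[1] < '0' || rec[1] > '7')
        return -1;
    m = strtoul(rec + 1, &end, 8);              /* octal permission bits */
    if (*end != ' ' || m > 07777 || end[1] < '0' || end[1] > '9')
        return -1;
    sz = strtol(end + 1, &end, 10);             /* announced byte count */
    if (*end != ' ' || sz < 0)
        return -1;
    rec = end + 1;                              /* start of the name field */
    n = strcspn(rec, "\n");
    if (rec[n] != '\n' || n >= namelen)         /* unterminated or too long */
        return -1;
    memcpy(name, rec, n);
    name[n] = '\0';
    if (!safe_component(name))                  /* "/", "." and ".." rejected */
        return -1;
    *mode = (unsigned)m;
    *size = sz;
    return 0;
}

int main(void)
{
    /* Constructed records; only the first names a file inside the target. */
    const char *recs[] = { "C0644 12 notes.txt\n", "C0644 12 ../outside.txt\n",
                           "D0755 0 ..\n", "C0600 40 /tmp/outside.txt\n" };
    char name[256]; unsigned mode; long size;
    for (size_t i = 0; i < sizeof recs / sizeof recs[0]; i++)
        printf("%-6s %s", parse_sink_record(recs[i], &mode, &size, name,
               sizeof name) == 0 ? "accept" : "reject", recs[i]);
}
```

A client that applies this check still has to create the file relative to the directory the user named, so the check covers the name and not symlinks already present in that directory.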
Updated packages
MNF2.0 i586
10.2 x86_64
CS2.1 x86_64
10.0 amd64
10.2 i586
10.1 i586
10.0 i586
CS3.0 x86_64
CS3.0 i586
CS2.1 i586
10.1 x86_64
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0175
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0488
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689
- http://www.cert.org/advisories/623332
- http://www.cert.org/advisories/259798
- http://www.cert.org/advisories/885830
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt
