MDVSA-2009:098

Package name

krb5

Date

2009-04-27

Advisory ID

MDVSA-2009:098

Affected versions

2009.0 x86_64 , CS4.0 x86_64 , 2009.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problem description

Multiple vulnerabilities has been found and corrected in krb5:

The get_input_token function in the SPNEGO implementation in MIT
Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to
cause a denial of service (daemon crash) and possibly obtain sensitive
information via a crafted length value that triggers a buffer over-read
(CVE-2009-0844).

The spnego_gss_accept_sec_context function in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5
through 1.6.3, when SPNEGO is used, allows remote attackers to cause
a denial of service (NULL pointer dereference and daemon crash) via
invalid ContextFlags data in the reqFlags field in a negTokenInit token
(CVE-2009-0845).

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in
the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before
1.6.4 allows remote attackers to cause a denial of service (daemon
crash) or possibly execute arbitrary code via vectors involving an
invalid DER encoding that triggers a free of an uninitialized pointer
(CVE-2009-0846).

The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5
(aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to
cause a denial of service (application crash) via a crafted length
value that triggers an erroneous malloc call, related to incorrect
calculations with pointer arithmetic (CVE-2009-0847).

The updated packages have been patched to correct these issues.

Update:

krb5 packages for Mandriva Linux Corporate Server 3 and 4 are not
affected by CVE-2009-0844 and CVE-2009-0845

Updated packages

2009.0 x86_64

 fdc1779a9c4c7bc31880435fa8afbbb5  2009.0/x86_64/ftp-client-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
 ccbde6246adfa07175b5cf2da9809d81  2009.0/x86_64/ftp-server-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
 17662205327ac45a9fcc6ab270a8ef4f  2009.0/x86_64/krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
 b19fb986950c065345a28e9b8a444ab4  2009.0/x86_64/krb5-server-1.6.3-6.2mdv2009.0.x86_64.rpm
 a2bba1358dfdfc458782357d805a566b  2009.0/x86_64/krb5-workstation-1.6.3-6.2mdv2009.0.x86_64.rpm
 72a6f9be1607868e5d7c10ec8a7d2295  2009.0/x86_64/lib64krb53-1.6.3-6.2mdv2009.0.x86_64.rpm
 7956f8bca30bbd637422189606b41e3a  2009.0/x86_64/lib64krb53-devel-1.6.3-6.2mdv2009.0.x86_64.rpm
 34b741d881ef3b12905a9d624f4fc901  2009.0/x86_64/telnet-client-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm
 59d905047019f89cdd0a04e3bfe0ab14  2009.0/x86_64/telnet-server-krb5-1.6.3-6.2mdv2009.0.x86_64.rpm 
 4ad1f1a599a545334c80d9759def48ed  2009.0/SRPMS/krb5-1.6.3-6.2mdv2009.0.src.rpm

CS4.0 x86_64

 62bbdd34df62287729d1b14ec2ab4d73  corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm
 1e948554c70318ce09d4b6392e7b931d  corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm
 bceebd8909400563345b2d282c3b4baf  corporate/4.0/x86_64/krb5-server-1.4.3-5.7.20060mlcs4.x86_64.rpm
 579beed3249c720a8421a7706d718783  corporate/4.0/x86_64/krb5-workstation-1.4.3-5.7.20060mlcs4.x86_64.rpm
 417e35f8f3954181367dca4ee82b5580  corporate/4.0/x86_64/lib64krb53-1.4.3-5.7.20060mlcs4.x86_64.rpm
 74fdeb37faf6cba35cc0b071166d08cb  corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.7.20060mlcs4.x86_64.rpm
 9e0a1ba777a7229ab71ffdb58bea6a88  corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm
 e6c8b6748465b44bed26cc9913f0bc34  corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.7.20060mlcs4.x86_64.rpm 
 a4c146bd8c32f15d0997a72b7a90e944  corporate/4.0/SRPMS/krb5-1.4.3-5.7.20060mlcs4.src.rpm

2009.0 i586

 c2cda7b765baa64dbb0f1a7b976a1591  2009.0/i586/ftp-client-krb5-1.6.3-6.2mdv2009.0.i586.rpm
 1dda8aa526a297dbc9038f280fa6883c  2009.0/i586/ftp-server-krb5-1.6.3-6.2mdv2009.0.i586.rpm
 c8ad63842e6e8be0b4a5b5d21e458391  2009.0/i586/krb5-1.6.3-6.2mdv2009.0.i586.rpm
 bee377a64972f0fcb0b2d31e1d286385  2009.0/i586/krb5-server-1.6.3-6.2mdv2009.0.i586.rpm
 a83c03666c857e0c88a863dbf15ae526  2009.0/i586/krb5-workstation-1.6.3-6.2mdv2009.0.i586.rpm
 17a89f6840ec8f2a60941fec75fba00b  2009.0/i586/libkrb53-1.6.3-6.2mdv2009.0.i586.rpm
 4977c8d2353b28501d671b66b44e4133  2009.0/i586/libkrb53-devel-1.6.3-6.2mdv2009.0.i586.rpm
 cdeef84c6cde6ddf8912718a88e66bf4  2009.0/i586/telnet-client-krb5-1.6.3-6.2mdv2009.0.i586.rpm
 1e4906e2d74331a38e29b6b04a0ea8ba  2009.0/i586/telnet-server-krb5-1.6.3-6.2mdv2009.0.i586.rpm 
 4ad1f1a599a545334c80d9759def48ed  2009.0/SRPMS/krb5-1.6.3-6.2mdv2009.0.src.rpm

CS3.0 x86_64

 d981c4f2a7925adb6feff0c252f00626  corporate/3.0/x86_64/ftp-client-krb5-1.3-6.11.C30mdk.x86_64.rpm
 f59125ae3c7d1efa7151c5c8a86a1476  corporate/3.0/x86_64/ftp-server-krb5-1.3-6.11.C30mdk.x86_64.rpm
 b17ece09b31395a413ae5eeeb5bd32a6  corporate/3.0/x86_64/krb5-server-1.3-6.11.C30mdk.x86_64.rpm
 fc0b7f2fb95220c1607a72f5c25a45c3  corporate/3.0/x86_64/krb5-workstation-1.3-6.11.C30mdk.x86_64.rpm
 156b5df78ec1239559e8720299f679e7  corporate/3.0/x86_64/lib64krb51-1.3-6.11.C30mdk.x86_64.rpm
 4635489e850e52abca2df6db7d4a5ebc  corporate/3.0/x86_64/lib64krb51-devel-1.3-6.11.C30mdk.x86_64.rpm
 49806cab645a6a1d596f5b5a1cedd96c  corporate/3.0/x86_64/telnet-client-krb5-1.3-6.11.C30mdk.x86_64.rpm
 38fdcdf20d4ef0243fb6dbfe6a7780d5  corporate/3.0/x86_64/telnet-server-krb5-1.3-6.11.C30mdk.x86_64.rpm 
 4458f2259fef080bbece26f0235f1418  corporate/3.0/SRPMS/krb5-1.3-6.11.C30mdk.src.rpm

CS4.0 i586

 ab3ccbb8ce757efec2db8132432ae11f  corporate/4.0/i586/ftp-client-krb5-1.4.3-5.7.20060mlcs4.i586.rpm
 275e178b54b246c15ed10dc723e1920d  corporate/4.0/i586/ftp-server-krb5-1.4.3-5.7.20060mlcs4.i586.rpm
 7d3baabbf55efbebdef4357d46d350de  corporate/4.0/i586/krb5-server-1.4.3-5.7.20060mlcs4.i586.rpm
 0ae5311265df889ac567e0100a518eb6  corporate/4.0/i586/krb5-workstation-1.4.3-5.7.20060mlcs4.i586.rpm
 70c681507015a10de964bf024abc9654  corporate/4.0/i586/libkrb53-1.4.3-5.7.20060mlcs4.i586.rpm
 c3d01b1057490701edf645168ec0f0eb  corporate/4.0/i586/libkrb53-devel-1.4.3-5.7.20060mlcs4.i586.rpm
 e8e983e847571dfed35669719abf39be  corporate/4.0/i586/telnet-client-krb5-1.4.3-5.7.20060mlcs4.i586.rpm
 acc59a77acfd6ed95e29bdd1e99f3795  corporate/4.0/i586/telnet-server-krb5-1.4.3-5.7.20060mlcs4.i586.rpm 
 a4c146bd8c32f15d0997a72b7a90e944  corporate/4.0/SRPMS/krb5-1.4.3-5.7.20060mlcs4.src.rpm

CS3.0 i586

 304218624241e5ce340f6c20534edaac  corporate/3.0/i586/ftp-client-krb5-1.3-6.11.C30mdk.i586.rpm
 4b2ced385b76878b5eeca08d68cf8741  corporate/3.0/i586/ftp-server-krb5-1.3-6.11.C30mdk.i586.rpm
 e652820a091fcb438ae0cc973e579dfa  corporate/3.0/i586/krb5-server-1.3-6.11.C30mdk.i586.rpm
 c8136e55b22095692d3de5266e742ec1  corporate/3.0/i586/krb5-workstation-1.3-6.11.C30mdk.i586.rpm
 75ef8ea188a73d9c0da28987ba42aa8d  corporate/3.0/i586/libkrb51-1.3-6.11.C30mdk.i586.rpm
 023862f9970d739299d9653b31d164c2  corporate/3.0/i586/libkrb51-devel-1.3-6.11.C30mdk.i586.rpm
 c30c68b3c4726e37e010ca816cefe2a7  corporate/3.0/i586/telnet-client-krb5-1.3-6.11.C30mdk.i586.rpm
 ffd71b666478d27ccc1fc06ad5175a8b  corporate/3.0/i586/telnet-server-krb5-1.3-6.11.C30mdk.i586.rpm 
 4458f2259fef080bbece26f0235f1418  corporate/3.0/SRPMS/krb5-1.3-6.11.C30mdk.src.rpm

2008.1 x86_64

 1679393718e45595011f6b3c55058403  2008.1/x86_64/ftp-client-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
 ab83a1b935d84dfb3ed167567286ef44  2008.1/x86_64/ftp-server-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
 5d8c9714a0662f703ce64e2d3ffec248  2008.1/x86_64/krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
 564fcc2fa623f51ec0d49db3933002c6  2008.1/x86_64/krb5-server-1.6.3-6.2mdv2008.1.x86_64.rpm
 1a6900fa4b8945bac082a655282730ce  2008.1/x86_64/krb5-workstation-1.6.3-6.2mdv2008.1.x86_64.rpm
 786d21d01c4605cca4dcc49a644f46cb  2008.1/x86_64/lib64krb53-1.6.3-6.2mdv2008.1.x86_64.rpm
 efc04ec60d2765f6d988011ab3407472  2008.1/x86_64/lib64krb53-devel-1.6.3-6.2mdv2008.1.x86_64.rpm
 0b2818f503dd4aa22688c868b51f1228  2008.1/x86_64/telnet-client-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm
 112d154ca517a31fd2a4fa467d5d4e3c  2008.1/x86_64/telnet-server-krb5-1.6.3-6.2mdv2008.1.x86_64.rpm 
 177a17eaba5c495a99e5db26251dba08  2008.1/SRPMS/krb5-1.6.3-6.2mdv2008.1.src.rpm

2008.1 i586

 8fd37c3b7905d709149e949341a1cef5  2008.1/i586/ftp-client-krb5-1.6.3-6.2mdv2008.1.i586.rpm
 5bfecf2eea4e760cabb8fabb99c2319e  2008.1/i586/ftp-server-krb5-1.6.3-6.2mdv2008.1.i586.rpm
 2d93da6ed6fa398a4757f054036d5631  2008.1/i586/krb5-1.6.3-6.2mdv2008.1.i586.rpm
 32bab4463f4e90f86b5793dc39c44100  2008.1/i586/krb5-server-1.6.3-6.2mdv2008.1.i586.rpm
 a1530d87332a48cf90e3e52489cebc8a  2008.1/i586/krb5-workstation-1.6.3-6.2mdv2008.1.i586.rpm
 7df9ee6615eda87dc94fdc9bf6425b2e  2008.1/i586/libkrb53-1.6.3-6.2mdv2008.1.i586.rpm
 cf9e0fd5e84e427970aa625b30feb2b4  2008.1/i586/libkrb53-devel-1.6.3-6.2mdv2008.1.i586.rpm
 677e51076cec19f129ef56f1cdab8f03  2008.1/i586/telnet-client-krb5-1.6.3-6.2mdv2008.1.i586.rpm
 619cb1d107395184eb8affbd0901b189  2008.1/i586/telnet-server-krb5-1.6.3-6.2mdv2008.1.i586.rpm 
 177a17eaba5c495a99e5db26251dba08  2008.1/SRPMS/krb5-1.6.3-6.2mdv2008.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847