Nom du paquet
krb5
Date
2008-03-19
Advisory ID
MDVSA-2008:070
Affected versions
CS4.0 x86_64 , CS4.0 i586 , 2007.0 x86_64 , 2007.0 i586

Problem description

A memory management flaw was found in the GSSAPI library used by
Kerberos that could result in an attempt to free already freed memory,
possibly leading to a crash or allowing the execution of arbitrary code
(CVE-2007-5971).

A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4
protocol packets. An unauthenticated remote attacker could use this
flaw to crash the krb5kdc daemon, disclose portions of its memory,
or possibly %execute arbitrary code using malformed or truncated
Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).

This issue only affects krb5kdc when it has Kerberos v4 protocol
compatibility enabled, which is a compiled-in default in all
Kerberos versions that Mandriva Linux ships prior to Mandriva
Linux 2008.0. Kerberos v4 protocol support can be disabled by
adding v4_mode=none (without quotes) to the [kdcdefaults] section
of /etc/kerberos/krb5kdc/kdc.conf.

A flaw in the RPC library as used in Kerberos' kadmind was discovered
by Jeff Altman of Secure Endpoints. An unauthenticated remote attacker
could use this vulnerability to crash kadmind or possibly execute
arbitrary code in systems with certain resource limits configured;
this does not affect the default resource limits used by Mandriva Linux
(CVE-2008-0947).

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 x86_64

 0b23f077db4f274b061f34eb50f47634  corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm
 c70ca9de25fa8c9f7504f344b5be613a  corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm
 ca075a30dfeb617f808d616bbf420c63  corporate/4.0/x86_64/krb5-server-1.4.3-5.6.20060mlcs4.x86_64.rpm
 76ec4cd64c814c9cdf44e7c734f66cd9  corporate/4.0/x86_64/krb5-workstation-1.4.3-5.6.20060mlcs4.x86_64.rpm
 8eb62cc682d40a65a4b94aedb326cfc0  corporate/4.0/x86_64/lib64krb53-1.4.3-5.6.20060mlcs4.x86_64.rpm
 538eb51b88db5d5a368bdbdf74607501  corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.6.20060mlcs4.x86_64.rpm
 c22a1ac95f1a15fb65ee0eec60472936  corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm
 b64f38875ba0dbf2441b1fd78dbf585d  corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.6.20060mlcs4.x86_64.rpm 
 6a739594760cabeb536550168eefb333  corporate/4.0/SRPMS/krb5-1.4.3-5.6.20060mlcs4.src.rpm

CS4.0 i586

 d4dcc40949ba7e72823de561b2b5b050  corporate/4.0/i586/ftp-client-krb5-1.4.3-5.6.20060mlcs4.i586.rpm
 5e8b8cf4c051f235f2b4a3cc2a8c967c  corporate/4.0/i586/ftp-server-krb5-1.4.3-5.6.20060mlcs4.i586.rpm
 3c5812da62cc9a0cea89306877386ef7  corporate/4.0/i586/krb5-server-1.4.3-5.6.20060mlcs4.i586.rpm
 40b114f22d7109a125cdf5243160c5f1  corporate/4.0/i586/krb5-workstation-1.4.3-5.6.20060mlcs4.i586.rpm
 db7506751e5178556652b74d81b06c6d  corporate/4.0/i586/libkrb53-1.4.3-5.6.20060mlcs4.i586.rpm
 59ec6c3b207538656f2645eb3c0adf6a  corporate/4.0/i586/libkrb53-devel-1.4.3-5.6.20060mlcs4.i586.rpm
 fe234b5f259def09b88fba24869eba83  corporate/4.0/i586/telnet-client-krb5-1.4.3-5.6.20060mlcs4.i586.rpm
 e2b51de61c9a91686e98a05ea98ec05f  corporate/4.0/i586/telnet-server-krb5-1.4.3-5.6.20060mlcs4.i586.rpm 
 6a739594760cabeb536550168eefb333  corporate/4.0/SRPMS/krb5-1.4.3-5.6.20060mlcs4.src.rpm

2007.0 x86_64

 029aad278f01c2baef9f93b86b0bc20d  2007.0/x86_64/ftp-client-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm
 dae016ff39d8e4d9f517b3197eefd926  2007.0/x86_64/ftp-server-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm
 8b3fac7b20798715efdad0d0db6b4472  2007.0/x86_64/krb5-server-1.4.3-7.4mdv2007.0.x86_64.rpm
 81f6c05a73c175b581790532aa8572f1  2007.0/x86_64/krb5-workstation-1.4.3-7.4mdv2007.0.x86_64.rpm
 41e10d5f06e05ea4cf455a0c3420d09f  2007.0/x86_64/lib64krb53-1.4.3-7.4mdv2007.0.x86_64.rpm
 eeebf59564375187f01f628be3ac5132  2007.0/x86_64/lib64krb53-devel-1.4.3-7.4mdv2007.0.x86_64.rpm
 cff3b7303e5d157e4ef246867ba396e8  2007.0/x86_64/telnet-client-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm
 ee55c784f89a1190efb9ce619ba34227  2007.0/x86_64/telnet-server-krb5-1.4.3-7.4mdv2007.0.x86_64.rpm 
 9e63ac2d698d562ead71d5dd8c7ae315  2007.0/SRPMS/krb5-1.4.3-7.4mdv2007.0.src.rpm

2007.0 i586

 ef17fea5e296992fb34b0d00540b4190  2007.0/i586/ftp-client-krb5-1.4.3-7.4mdv2007.0.i586.rpm
 dbc47795968f03dff7eb50ff34a63b8d  2007.0/i586/ftp-server-krb5-1.4.3-7.4mdv2007.0.i586.rpm
 36f5b4160b9dc7d4393b8bc5f4f0b6fb  2007.0/i586/krb5-server-1.4.3-7.4mdv2007.0.i586.rpm
 f76121f223836939aef1f77164a7224d  2007.0/i586/krb5-workstation-1.4.3-7.4mdv2007.0.i586.rpm
 65c052a4916406626b3289abdb43e0a6  2007.0/i586/libkrb53-1.4.3-7.4mdv2007.0.i586.rpm
 e50117c585a8560813bc93704562e726  2007.0/i586/libkrb53-devel-1.4.3-7.4mdv2007.0.i586.rpm
 1f99498d879f9343510479f2791245ac  2007.0/i586/telnet-client-krb5-1.4.3-7.4mdv2007.0.i586.rpm
 9ed009750d2bcf738ceefce2e4c69512  2007.0/i586/telnet-server-krb5-1.4.3-7.4mdv2007.0.i586.rpm 
 9e63ac2d698d562ead71d5dd8c7ae315  2007.0/SRPMS/krb5-1.4.3-7.4mdv2007.0.src.rpm

References