lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 9 Jun 2004 20:01:53 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:056-1 - Updated krb5 packages fix buffer overflow vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           krb5
 Advisory ID:            MDKSA-2004:056-1
 Date:                   June 9th, 2004
 Original Advisory Date: June 3rd, 2004
 Affected versions:	 10.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Multiple buffer overflows exist in the krb5_aname_to_localname()
 library function that if exploited could lead to unauthorized root
 privileges.  In order to exploit this flaw, an attacker must first
 successfully authenticate to a vulnerable service, which must be
 configured to enable the explicit mapping or rules-based mapping
 functionality of krb5_aname_to_localname, which is not a default
 configuration.
 
 Mandrakesoft encourages all users to upgrade to these patched krb5
 packages.
  
Update:

 The original patch provided contained a bug where rule-based entries
 on systems without HAVE_REGCOMP would not work.  These updated
 packages provide the second patch provided by Kerberos development
 team which fixes that behaviour.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523
  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 f99046b9c22ccd8ee43c55e81455c2da  10.0/RPMS/ftp-client-krb5-1.3-6.2.100mdk.i586.rpm
 71ec023bc253a7a644bf769912581581  10.0/RPMS/ftp-server-krb5-1.3-6.2.100mdk.i586.rpm
 83bc4f8083c696cd886d17c85367da4d  10.0/RPMS/krb5-server-1.3-6.2.100mdk.i586.rpm
 1452a4348bce8d7fbc233041e23976f1  10.0/RPMS/krb5-workstation-1.3-6.2.100mdk.i586.rpm
 adc2470941f1fa52f510ea72905de4a6  10.0/RPMS/libkrb51-1.3-6.2.100mdk.i586.rpm
 b03971c30f024e337097fcf88fcac4ba  10.0/RPMS/libkrb51-devel-1.3-6.2.100mdk.i586.rpm
 e106dd67e9d3a2189558ad020fa74c8e  10.0/RPMS/telnet-client-krb5-1.3-6.2.100mdk.i586.rpm
 916930bef00993dea584b02a7467df01  10.0/RPMS/telnet-server-krb5-1.3-6.2.100mdk.i586.rpm
 69534bf0994a5deb8de8af7e6a8db9bd  10.0/SRPMS/krb5-1.3-6.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 25fdf1ec42187aabc637a49d751440f3  amd64/10.0/RPMS/ftp-client-krb5-1.3-6.2.100mdk.amd64.rpm
 7a325f9779a50902c8825b15e61432d9  amd64/10.0/RPMS/ftp-server-krb5-1.3-6.2.100mdk.amd64.rpm
 53c131a11babc4095a17852b6a832716  amd64/10.0/RPMS/krb5-server-1.3-6.2.100mdk.amd64.rpm
 b20b5bbc158c08ce8f42788f912f846e  amd64/10.0/RPMS/krb5-workstation-1.3-6.2.100mdk.amd64.rpm
 437603db5166ae14f1bc368cdf64c1f8  amd64/10.0/RPMS/lib64krb51-1.3-6.2.100mdk.amd64.rpm
 1f5f4c00b69e785c2d7660a0f16787d7  amd64/10.0/RPMS/lib64krb51-devel-1.3-6.2.100mdk.amd64.rpm
 9654ca0f0e1718702daf4bbe7ac1f8b0  amd64/10.0/RPMS/telnet-client-krb5-1.3-6.2.100mdk.amd64.rpm
 ce1aa30d1a56a44312e8889c5328070a  amd64/10.0/RPMS/telnet-server-krb5-1.3-6.2.100mdk.amd64.rpm
 69534bf0994a5deb8de8af7e6a8db9bd  amd64/10.0/SRPMS/krb5-1.3-6.2.100mdk.src.rpm

 Corporate Server 2.1:
 46c7983a619cc841f08002dc8e7168e5  corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.6.C21mdk.i586.rpm
 5a33a852581bf1513b03e9963e9fb5f1  corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.6.C21mdk.i586.rpm
 5db4ce83f34d89c88dee363f7456a579  corporate/2.1/RPMS/krb5-devel-1.2.5-1.6.C21mdk.i586.rpm
 c973ac1b9a8faf0cc50ab1caaa368650  corporate/2.1/RPMS/krb5-libs-1.2.5-1.6.C21mdk.i586.rpm
 21c88ad82c4c4dcd8273d7be8bdb233c  corporate/2.1/RPMS/krb5-server-1.2.5-1.6.C21mdk.i586.rpm
 be8cf199fd6bcd2a77e134db855cabd8  corporate/2.1/RPMS/krb5-workstation-1.2.5-1.6.C21mdk.i586.rpm
 24e5b09f2539366f3b2263c488c08747  corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.6.C21mdk.i586.rpm
 ba20a57f8ab221b6923d8614990ea632  corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.6.C21mdk.i586.rpm
 3de7ac3dbb7051d43a768c7279fc5ff6  corporate/2.1/SRPMS/krb5-1.2.5-1.6.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 de1460b4ce2c0200016f83dc32318c66  x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.6.C21mdk.x86_64.rpm
 a54663cb122512c71e958b36c0101f6f  x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.6.C21mdk.x86_64.rpm
 d6ae2f8f95fe40b28cb29386028ce691  x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.6.C21mdk.x86_64.rpm
 5b49725cc0937a61696d4209553c63b6  x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.6.C21mdk.x86_64.rpm
 30becf5eba2ee0ad4d90a4511afa7bfa  x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.6.C21mdk.x86_64.rpm
 0f1d037b91fafa087e1d83d6c7c4b06c  x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.6.C21mdk.x86_64.rpm
 650fed145e95b8cbd98458594cc6c644  x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.6.C21mdk.x86_64.rpm
 64da12317074b00acc9d56dce1daedf3  x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.6.C21mdk.x86_64.rpm
 3de7ac3dbb7051d43a768c7279fc5ff6  x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.6.C21mdk.src.rpm

 Mandrakelinux 9.1:
 441f4e7100c5b3f8be81726e53fdf222  9.1/RPMS/ftp-client-krb5-1.2.7-1.3.91mdk.i586.rpm
 d051877320e0ab9c400d466eff9559ba  9.1/RPMS/ftp-server-krb5-1.2.7-1.3.91mdk.i586.rpm
 b32f0cb98b47efd2fb1b04cd130c0854  9.1/RPMS/krb5-devel-1.2.7-1.3.91mdk.i586.rpm
 a2b8deb8fc93b8369ca222a5907478af  9.1/RPMS/krb5-libs-1.2.7-1.3.91mdk.i586.rpm
 c26e07825b09f802d614a22a6faa860f  9.1/RPMS/krb5-server-1.2.7-1.3.91mdk.i586.rpm
 747567def9fe60a96cfd2b2f5be1b1ac  9.1/RPMS/krb5-workstation-1.2.7-1.3.91mdk.i586.rpm
 d0e55eaa93da890ef440b191dee71943  9.1/RPMS/telnet-client-krb5-1.2.7-1.3.91mdk.i586.rpm
 5731acac4bd16d820d7916dd32a5d4d8  9.1/RPMS/telnet-server-krb5-1.2.7-1.3.91mdk.i586.rpm
 9539ee89b7f88a2f845e8414152bb7ca  9.1/SRPMS/krb5-1.2.7-1.3.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 b934cdf4bf7c35c56c2535ca22cae8e2  ppc/9.1/RPMS/ftp-client-krb5-1.2.7-1.3.91mdk.ppc.rpm
 6938f2f92ad903475162c90256108e11  ppc/9.1/RPMS/ftp-server-krb5-1.2.7-1.3.91mdk.ppc.rpm
 744b5d2b55426119118a8809112bfee9  ppc/9.1/RPMS/krb5-devel-1.2.7-1.3.91mdk.ppc.rpm
 5f133f52ae1ed12cbf2535572e532763  ppc/9.1/RPMS/krb5-libs-1.2.7-1.3.91mdk.ppc.rpm
 1cdab319a93b6b2ccab9a8f4f68ac759  ppc/9.1/RPMS/krb5-server-1.2.7-1.3.91mdk.ppc.rpm
 f67d0f0226f79aa18129184e5c5475b4  ppc/9.1/RPMS/krb5-workstation-1.2.7-1.3.91mdk.ppc.rpm
 92a1aec78b8b3986eff4d51cc32885d5  ppc/9.1/RPMS/telnet-client-krb5-1.2.7-1.3.91mdk.ppc.rpm
 c19ce680a739c47e8b46b0da70682470  ppc/9.1/RPMS/telnet-server-krb5-1.2.7-1.3.91mdk.ppc.rpm
 9539ee89b7f88a2f845e8414152bb7ca  ppc/9.1/SRPMS/krb5-1.2.7-1.3.91mdk.src.rpm

 Mandrakelinux 9.2:
 d08f22afc32e753ef0bc90cf604dfdb1  9.2/RPMS/ftp-client-krb5-1.3-3.2.92mdk.i586.rpm
 dc25f20e192c32d3daea4a4f874acb98  9.2/RPMS/ftp-server-krb5-1.3-3.2.92mdk.i586.rpm
 d4561ab2567e7df1f5f1a586a81e8872  9.2/RPMS/krb5-server-1.3-3.2.92mdk.i586.rpm
 0083e0ffa5fe9a9a17c4780fbc026eca  9.2/RPMS/krb5-workstation-1.3-3.2.92mdk.i586.rpm
 b907f745f2f1115290b754dbe503bd3a  9.2/RPMS/libkrb51-1.3-3.2.92mdk.i586.rpm
 09053a957460e7e925b479afaef5e545  9.2/RPMS/libkrb51-devel-1.3-3.2.92mdk.i586.rpm
 b899e55b0ba58b04a1183dcc1d2f0647  9.2/RPMS/telnet-client-krb5-1.3-3.2.92mdk.i586.rpm
 faad683f3bb93d5f41539638046b6f1c  9.2/RPMS/telnet-server-krb5-1.3-3.2.92mdk.i586.rpm
 15ce0a65e3b4d332af84939cf0c85070  9.2/SRPMS/krb5-1.3-3.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 caccd7cf30c0741fbc97be20eb0dc05a  amd64/9.2/RPMS/ftp-client-krb5-1.3-3.2.92mdk.amd64.rpm
 266304d9a8ef682bd923f5f4789d7193  amd64/9.2/RPMS/ftp-server-krb5-1.3-3.2.92mdk.amd64.rpm
 b4610e330c05d44c7c983ba142c77c22  amd64/9.2/RPMS/krb5-server-1.3-3.2.92mdk.amd64.rpm
 0bef84b3a99bea0bdc52c706a296302d  amd64/9.2/RPMS/krb5-workstation-1.3-3.2.92mdk.amd64.rpm
 d396c5ecd4f7833ee7166e0b21d427dd  amd64/9.2/RPMS/lib64krb51-1.3-3.2.92mdk.amd64.rpm
 7c71f2e0bf4eede67d9ac4dfb37b6b68  amd64/9.2/RPMS/lib64krb51-devel-1.3-3.2.92mdk.amd64.rpm
 066bbaaccae6f53a673b34a98c61bc90  amd64/9.2/RPMS/telnet-client-krb5-1.3-3.2.92mdk.amd64.rpm
 dce9c58384b1ff86ede26f5988cfeee6  amd64/9.2/RPMS/telnet-server-krb5-1.3-3.2.92mdk.amd64.rpm
 15ce0a65e3b4d332af84939cf0c85070  amd64/9.2/SRPMS/krb5-1.3-3.2.92mdk.src.rpm

 Multi Network Firewall 8.2:
 36edbd4e81a9588b97370ad7d1b85cc3  mnf8.2/RPMS/krb5-libs-1.2.2-17.7.M82mdk.i586.rpm
 8954be36c82d2bd6066cb9ab451d9a32  mnf8.2/SRPMS/krb5-1.2.2-17.7.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAx2yxmqjQ0CJFipgRAtWlAKC+4uLzIpxmefr2bkfoX7QkRlCNcQCfXC5l
80XFTgn+qCeQs+EOauO6jOU=
=LEdI
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ