lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HbLyk-0005YC-5I@artemis.annvix.ca>
Date: Tue, 10 Apr 2007 13:26:10 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:077-1 ] - Updated krb5 packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDKSA-2007:077-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : krb5
 Date    : April 10, 2007
 Affected: 2007.1
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was found in the username handling of the MIT krb5
 telnet daemon.  A remote attacker that could access the telnet port
 of a target machine could login as root without requiring a password
 (CVE-2007-0956).
 
 Buffer overflows in the kadmin server daemon were discovered that could
 be exploited by a remote attacker able to access the KDC.  Successful
 exploitation could allow for the execution of arbitrary code with
 the privileges of the KDC or kadmin server processes (CVE-2007-0957).
 
 Finally, a double-free flaw was discovered in the GSSAPI library used
 by the kadmin server daemon, which could lead to a denial of service
 condition or the execution of arbitrary code with the privileges of
 the KDC or kadmin server processes (CVE-2007-1216).
 
 Updated packages have been patched to address this issue.

 Update:

 Packages for Mandriva Linux 2007.1 are now available.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 5eae0ebe3be9e580c1c19ee041c9d72f  2007.1/i586/ftp-client-krb5-1.5.2-6.1mdv2007.1.i586.rpm
 83dd6a9c403f9ea3bc32a40a64c98fbf  2007.1/i586/ftp-server-krb5-1.5.2-6.1mdv2007.1.i586.rpm
 7fc832a70c77923aeec52cd309ee9c6f  2007.1/i586/krb5-server-1.5.2-6.1mdv2007.1.i586.rpm
 e54a01775aa24a1d9a08090b62b59a6c  2007.1/i586/krb5-workstation-1.5.2-6.1mdv2007.1.i586.rpm
 cfeabf699713ff757eb646ab681a6acc  2007.1/i586/libkrb53-1.5.2-6.1mdv2007.1.i586.rpm
 c3bf54b449ec81b27a7ca5a41dff9a7a  2007.1/i586/libkrb53-devel-1.5.2-6.1mdv2007.1.i586.rpm
 801cd83b96ebcd8f3ca425543f1f63a5  2007.1/i586/telnet-client-krb5-1.5.2-6.1mdv2007.1.i586.rpm
 0568ed507d58f76302071b197d9523cc  2007.1/i586/telnet-server-krb5-1.5.2-6.1mdv2007.1.i586.rpm 
 5e774ba6ce43122995ac39c43164d092  2007.1/SRPMS/krb5-1.5.2-6.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 392287e6ad669fd9321a9de1c85796d8  2007.1/x86_64/ftp-client-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
 68349333c7611dee78c814ea4fc2d9f2  2007.1/x86_64/ftp-server-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
 a651024d2b42bc67033287e6795db6b5  2007.1/x86_64/krb5-server-1.5.2-6.1mdv2007.1.x86_64.rpm
 28cd0236420330bb839b8e39ef2949c2  2007.1/x86_64/krb5-workstation-1.5.2-6.1mdv2007.1.x86_64.rpm
 690eb27a9d90ab5319f70ea8f7326be4  2007.1/x86_64/lib64krb53-1.5.2-6.1mdv2007.1.x86_64.rpm
 058d267b757c9ba63200e26f258100c3  2007.1/x86_64/lib64krb53-devel-1.5.2-6.1mdv2007.1.x86_64.rpm
 d1bed5a3c84f0cc3e96d4760faa33477  2007.1/x86_64/telnet-client-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
 ee1b6269c10f066d8fbd6ee2d0c2c818  2007.1/x86_64/telnet-server-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm 
 5e774ba6ce43122995ac39c43164d092  2007.1/SRPMS/krb5-1.5.2-6.1mdv2007.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGG7qamqjQ0CJFipgRAjfTAJ9K1VRtkQ2skYjvi7naSjK9eutG7QCePO6q
2lqHNQT39QthWcVG2K4h5cY=
=0Xpg
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ