lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050110134658.GA10327@box79162.elkhouse.de> From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-58-1] MIT Kerberos server vulnerability =========================================================== Ubuntu Security Notice USN-58-1 January 10, 2005 krb5 vulnerability CAN-2004-1189 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: krb5-admin-server krb5-kdc libkadm55 libkrb53 The problem can be corrected by upgrading the affected package to version 1.3.4-3ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Michael Tautschnig discovered a possible buffer overflow in the add_to_history() function in the MIT Kerberos 5 implementation. Performing a password change did not properly track the password policy's history count and the maximum number of keys. This could cause an array overflow and may have allowed authenticated users (not necessarily one with administrative privileges) to execute arbitrary code on the KDC host, compromising an entire Kerberos realm. Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4-3ubuntu0.1.diff.gz Size/MD5: 660788 a3e773e901a67368f8dd322a903f7f81 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4-3ubuntu0.1.dsc Size/MD5: 788 e9baf1ebfa972d585f829d7e64465bea http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4.orig.tar.gz Size/MD5: 6361011 23ddf1655f7f180835cf34d104088473 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.3.4-3ubuntu0.1_all.deb Size/MD5: 716542 5b8265007cf5f2176955aacfe3eb45eb amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 103764 7f4720f5b36e50c49f30bc99917dc31a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 215204 30b4d7e2a133cce888127798b843566a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 55802 92a9097d2c5fc574d644dd062a2a2d0c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 123580 977b0f8def9a58ab022a2e8321f5d29d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 81578 58fa9d55d6316f1540d642696509e04b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 62318 ae6908459976878856a666950f2c956d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 135856 0012a1ff533388ec7a6a4082f9eaa23a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 176484 e26c41328f72a6b4ff3f9dfd16819429 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 651556 c41b666bd8ba980bb5240c8de4a22a42 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_amd64.deb Size/MD5: 367872 7c2ddc51d5fb971540aa2ddb74e136d0 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 92828 40b738af512065868c3bd38a86652ee0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 186464 a2da914f916c3bf6b53d1c417e74b5cf http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 50728 c53fab7706867bfd2e2defaaca0e8aba http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 113756 2e6293b7d8788ca1e6584eeb371d4746 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 73758 d2b3b94e05e43169379c0d6a742d15e2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 55284 8d279d10b1238c64e8e788e163d10697 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 125264 0e37aeb9bf575e214e526148f6021abd http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 160580 b735959ba91dad37fd12dd89faf798de http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 559754 cccfdccc55db99dce5d79583060ec1a7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_i386.deb Size/MD5: 339586 9c4e8bb211b3b463d2293a7e5acebac9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 103998 72a3841148e8736286547e3b34b0d42d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 214930 137626b6516e100a313612b79f28a2f4 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 55814 592491f4a84ce02651ec9489d2f64c4e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 124368 d68fe5a0c785baa01d2d7e7b6f14477f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 81392 2c43228e3b6d42fcdd214a516e9a4329 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 60498 d2604219b83e84bea7ee2460a626fb59 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 141916 fa44026deba1951732f3748381d0f842 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 164366 b71f6b535f950994b907f39e8685ee57 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 633862 bc094b01dfd0b507e157c870b6fa94a8 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_powerpc.deb Size/MD5: 351532 6fdb209e66b2935696a43f60efad7934 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050110/87095b1c/attachment.bin
Powered by blists - more mailing lists