lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050110134658.GA10327@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-58-1] MIT Kerberos server vulnerability

===========================================================
Ubuntu Security Notice USN-58-1		   January 10, 2005
krb5 vulnerability
CAN-2004-1189
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

krb5-admin-server
krb5-kdc
libkadm55
libkrb53

The problem can be corrected by upgrading the affected package to
version 1.3.4-3ubuntu0.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Michael Tautschnig discovered a possible buffer overflow in the
add_to_history() function in the MIT Kerberos 5 implementation.
Performing a password change did not properly track the password
policy's history count and the maximum number of keys. This could
cause an array overflow and may have allowed authenticated users (not
necessarily one with administrative privileges) to execute arbitrary
code on the KDC host, compromising an entire Kerberos realm.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4-3ubuntu0.1.diff.gz
      Size/MD5:   660788 a3e773e901a67368f8dd322a903f7f81
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4-3ubuntu0.1.dsc
      Size/MD5:      788 e9baf1ebfa972d585f829d7e64465bea
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4.orig.tar.gz
      Size/MD5:  6361011 23ddf1655f7f180835cf34d104088473

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.3.4-3ubuntu0.1_all.deb
      Size/MD5:   716542 5b8265007cf5f2176955aacfe3eb45eb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:   103764 7f4720f5b36e50c49f30bc99917dc31a
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:   215204 30b4d7e2a133cce888127798b843566a
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:    55802 92a9097d2c5fc574d644dd062a2a2d0c
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:   123580 977b0f8def9a58ab022a2e8321f5d29d
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:    81578 58fa9d55d6316f1540d642696509e04b
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:    62318 ae6908459976878856a666950f2c956d
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:   135856 0012a1ff533388ec7a6a4082f9eaa23a
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:   176484 e26c41328f72a6b4ff3f9dfd16819429
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:   651556 c41b666bd8ba980bb5240c8de4a22a42
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_amd64.deb
      Size/MD5:   367872 7c2ddc51d5fb971540aa2ddb74e136d0

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:    92828 40b738af512065868c3bd38a86652ee0
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:   186464 a2da914f916c3bf6b53d1c417e74b5cf
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:    50728 c53fab7706867bfd2e2defaaca0e8aba
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:   113756 2e6293b7d8788ca1e6584eeb371d4746
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:    73758 d2b3b94e05e43169379c0d6a742d15e2
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:    55284 8d279d10b1238c64e8e788e163d10697
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:   125264 0e37aeb9bf575e214e526148f6021abd
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:   160580 b735959ba91dad37fd12dd89faf798de
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:   559754 cccfdccc55db99dce5d79583060ec1a7
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_i386.deb
      Size/MD5:   339586 9c4e8bb211b3b463d2293a7e5acebac9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:   103998 72a3841148e8736286547e3b34b0d42d
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:   214930 137626b6516e100a313612b79f28a2f4
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:    55814 592491f4a84ce02651ec9489d2f64c4e
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:   124368 d68fe5a0c785baa01d2d7e7b6f14477f
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:    81392 2c43228e3b6d42fcdd214a516e9a4329
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:    60498 d2604219b83e84bea7ee2460a626fb59
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:   141916 fa44026deba1951732f3748381d0f842
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:   164366 b71f6b535f950994b907f39e8685ee57
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:   633862 bc094b01dfd0b507e157c870b6fa94a8
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_powerpc.deb
      Size/MD5:   351532 6fdb209e66b2935696a43f60efad7934
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050110/87095b1c/attachment.bin

Powered by blists - more mailing lists