Message-Id: <E1PNbNV-0000Dp-Cm@titan.mandriva.com>
Date: Wed, 01 Dec 2010 02:21:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:245 ] krb5
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:245
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : November 30, 2010
Affected: 2009.0, 2010.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in krb5:
An unauthenticated remote attacker could alter a SAM-2 challenge,
affecting the prompt text seen by the user or the kind of response
sent to the KDC. Under some circumstances, this can negate the
incremental security benefit of using a single-use authentication
mechanism token. An unauthenticated remote attacker has a 1/256
chance of forging KRB-SAFE messages in an application protocol if the
targeted pre-existing session uses an RC4 session key. Few application
protocols use KRB-SAFE messages (CVE-2010-1323).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
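To tell whether an installed krb5 build predates the fix, compare its version-release against the fixed builds named in this advisory's package file names using RPM's own version-ordering rules. This is an added illustration, not code from the advisory or from Mandriva; the installed versions in the sample inventory are constructed, and the `rpmvercmp` reimplementation omits RPM's tilde/caret handling.

```python
"""Check whether an installed krb5 package is older than the build fixed in
MDVSA-2010:245 (added example; fixed versions taken from the advisory's
package file names, sample inventory constructed).

In practice feed it `rpm -q --qf '%{VERSION}-%{RELEASE}' krb5`.
"""
import re

# Fixed version-release per affected product, from the advisory's package list.
FIXED = {
    "2009.0": "1.6.3-6.6mdv2009.0",
    "2010.0": "1.6.3-10.4mdv2010.0",
    "Corporate 4.0": "1.4.3-5.10.20060mlcs4",
}

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp (without ~ and ^ handling):
    split into digit runs and letter runs, ignore separators, compare
    numeric runs as integers, and let a numeric run beat an alphabetic one."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:
            return 1 if xd else -1        # numeric segment sorts newer than alpha
        if xd:
            xi, yi = int(x), int(y)       # int() also drops leading zeros
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1  # leftover segments win


def compare_vr(installed: str, fixed: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    iv, ir = installed.split("-", 1)
    fv, fr = fixed.split("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def is_vulnerable(product: str, installed_vr: str) -> bool:
    """True if the installed krb5 build is older than the advisory's fix."""
    return compare_vr(installed_vr, FIXED[product]) < 0


if __name__ == "__main__":
    # Constructed sample inventory: (product, installed krb5 version-release).
    samples = [("2009.0", "1.6.3-6.5mdv2009.0"),
               ("2010.0", "1.6.3-10.4mdv2010.0"),
               ("Corporate 4.0", "1.4.3-5.9.20060mlcs4")]
    for product, vr in samples:
        state = "VULNERABLE" if is_vulnerable(product, vr) else "patched"
        print(f"{product}: krb5-{vr} -> {state}")
```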
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>