lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Rfv0z-0004S3-7x@titan.mandriva.com>
Date: Wed, 28 Dec 2011 16:02:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:195 ] krb5-appl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:195
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5-appl
 Date    : December 28, 2011
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in krb5-appl,
 heimdal and netkit-telnet:
 
 An unauthenticated remote attacker can cause a buffer overflow and
 probably execute arbitrary code with the privileges of the telnet
 daemon (CVE-2011-4862).
 
 In Mandriva the telnetd daemon from the netkit-telnet-server package
 does not have an initscript to start and stop the service, however
 one could rather easily craft an initscript or start the service by
 other means rendering the system vulnerable to this issue.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 1e459123a2f875bb0ef1c65f721edf50  2010.1/i586/krb5-appl-clients-1.0-4.2mdv2010.2.i586.rpm
 d65683ee3e888b75353a43e327cb855c  2010.1/i586/krb5-appl-servers-1.0-4.2mdv2010.2.i586.rpm 
 62804464c760561c4f134ddf4d11852c  2010.1/SRPMS/krb5-appl-1.0-4.2mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 5fe09e9535fbb3692b96cc03185dc516  2010.1/x86_64/krb5-appl-clients-1.0-4.2mdv2010.2.x86_64.rpm
 461518ce21d58ad2f534f62e4c5dc461  2010.1/x86_64/krb5-appl-servers-1.0-4.2mdv2010.2.x86_64.rpm 
 62804464c760561c4f134ddf4d11852c  2010.1/SRPMS/krb5-appl-1.0-4.2mdv2010.2.src.rpm

 Mandriva Linux 2011:
 661921f285dfdeda2ef72664d58d9f8c  2011/i586/krb5-appl-clients-1.0.2-1.1-mdv2011.0.i586.rpm
 83c8776973e64a7e3513b87bab057765  2011/i586/krb5-appl-servers-1.0.2-1.1-mdv2011.0.i586.rpm
 d474e4839c2b576bb06040b696e2c418  2011/i586/netkit-telnet-0.17-12.1-mdv2011.0.i586.rpm
 4ee52df8f499c994276e2a29bedf4a79  2011/i586/netkit-telnet-server-0.17-12.1-mdv2011.0.i586.rpm 
 04b8e977a33e8afb81a5d93e8d760a13  2011/SRPMS/krb5-appl-1.0.2-1.1.src.rpm
 d964d649a10215093c2a77cb5920c151  2011/SRPMS/netkit-telnet-0.17-12.1.src.rpm

 Mandriva Linux 2011/X86_64:
 85505c121c37bc0833dde87b6e8cd52d  2011/x86_64/krb5-appl-clients-1.0.2-1.1-mdv2011.0.x86_64.rpm
 03bf11b0b8983694f26b86be59b9ecd1  2011/x86_64/krb5-appl-servers-1.0.2-1.1-mdv2011.0.x86_64.rpm
 556a9471a9eec11b07561dd198fd90e2  2011/x86_64/netkit-telnet-0.17-12.1-mdv2011.0.x86_64.rpm
 9c8b1cafa52f44d568b5eca237ba5416  2011/x86_64/netkit-telnet-server-0.17-12.1-mdv2011.0.x86_64.rpm 
 04b8e977a33e8afb81a5d93e8d760a13  2011/SRPMS/krb5-appl-1.0.2-1.1.src.rpm
 d964d649a10215093c2a77cb5920c151  2011/SRPMS/netkit-telnet-0.17-12.1.src.rpm

 Mandriva Enterprise Server 5:
 df59323ae09c987f0c8819ac368419de  mes5/i586/heimdal-daemons-1.2-4.2mdvmes5.2.i586.rpm
 c1334ab8c1a5a89af8c78b07781d51e9  mes5/i586/heimdal-devel-1.2-4.2mdvmes5.2.i586.rpm
 d07844605a7274530622eaf5a29de660  mes5/i586/heimdal-devel-doc-1.2-4.2mdvmes5.2.i586.rpm
 14590df5b7dec274fb425da140ccd25d  mes5/i586/heimdal-ftp-1.2-4.2mdvmes5.2.i586.rpm
 2a4fe84dc05844eaefde34a28d551c3e  mes5/i586/heimdal-ftpd-1.2-4.2mdvmes5.2.i586.rpm
 2173511c1281790b07e80ade2fee760f  mes5/i586/heimdal-libs-1.2-4.2mdvmes5.2.i586.rpm
 8a2e5e70a6e86c37b283594f7b4ba530  mes5/i586/heimdal-login-1.2-4.2mdvmes5.2.i586.rpm
 e69ed4d00f7ac2b099f680a470ff30c5  mes5/i586/heimdal-rsh-1.2-4.2mdvmes5.2.i586.rpm
 8de57e3ca75d88322a945a90326dec49  mes5/i586/heimdal-rshd-1.2-4.2mdvmes5.2.i586.rpm
 3de772841233f701d259fffe45697500  mes5/i586/heimdal-server-1.2-4.2mdvmes5.2.i586.rpm
 260c3d1921268e90f47d584a13ad5268  mes5/i586/heimdal-telnet-1.2-4.2mdvmes5.2.i586.rpm
 b9ce1eb2b18fec3b4bcd612f42c82c71  mes5/i586/heimdal-telnetd-1.2-4.2mdvmes5.2.i586.rpm
 5722bcd6a670967b7435199fc2617ae6  mes5/i586/heimdal-workstation-1.2-4.2mdvmes5.2.i586.rpm
 b32743f2d21ea114991bc007b0e41510  mes5/i586/krb5-appl-clients-1.0-0.4mdvmes5.2.i586.rpm
 e1221e0148e8b7b9efcb83ac82f7b1b2  mes5/i586/krb5-appl-servers-1.0-0.4mdvmes5.2.i586.rpm
 73807bd98fa1cfa400ba019bd6240c02  mes5/i586/netkit-telnet-0.17-4.1mdvmes5.2.i586.rpm
 a4500cd30fe4585f4d3ae842c8be431c  mes5/i586/netkit-telnet-server-0.17-4.1mdvmes5.2.i586.rpm 
 59b4e672919fbe19e7c8caf2e3b2311d  mes5/SRPMS/heimdal-1.2-4.2mdvmes5.2.src.rpm
 e0370a8e16956bfe2029c0860874834a  mes5/SRPMS/krb5-appl-1.0-0.4mdvmes5.2.src.rpm
 eb7a4b09657da5fa0cf7b45784821a7c  mes5/SRPMS/netkit-telnet-0.17-4.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 d7d55a44ef5007832509f10216844f43  mes5/x86_64/heimdal-daemons-1.2-4.2mdvmes5.2.x86_64.rpm
 9469a9456d182c7ae7e58d3391f925ce  mes5/x86_64/heimdal-devel-1.2-4.2mdvmes5.2.x86_64.rpm
 64cf28901f79837b01c7f6e7507d3160  mes5/x86_64/heimdal-devel-doc-1.2-4.2mdvmes5.2.x86_64.rpm
 2a093956f8eda22915f6a567e37abc65  mes5/x86_64/heimdal-ftp-1.2-4.2mdvmes5.2.x86_64.rpm
 983f3f520166066e67047c7a2f33fda3  mes5/x86_64/heimdal-ftpd-1.2-4.2mdvmes5.2.x86_64.rpm
 d289816104d425e90bf1eda7bf433473  mes5/x86_64/heimdal-libs-1.2-4.2mdvmes5.2.x86_64.rpm
 7614b0134169c19ba15470023285346c  mes5/x86_64/heimdal-login-1.2-4.2mdvmes5.2.x86_64.rpm
 86006f8535add4a8ba08d772268a2b7b  mes5/x86_64/heimdal-rsh-1.2-4.2mdvmes5.2.x86_64.rpm
 cb62ed8138d65206bd572010228da8e5  mes5/x86_64/heimdal-rshd-1.2-4.2mdvmes5.2.x86_64.rpm
 eef74ac791915064231c51aa07676131  mes5/x86_64/heimdal-server-1.2-4.2mdvmes5.2.x86_64.rpm
 369c80a74766fbdb9adadb31ccfe5891  mes5/x86_64/heimdal-telnet-1.2-4.2mdvmes5.2.x86_64.rpm
 cf2d34517a82f619d8cb926c094a1c1c  mes5/x86_64/heimdal-telnetd-1.2-4.2mdvmes5.2.x86_64.rpm
 8daa482f517f8cd3663e229bfad30738  mes5/x86_64/heimdal-workstation-1.2-4.2mdvmes5.2.x86_64.rpm
 81bcfe905f61e733d9de408017a6f430  mes5/x86_64/krb5-appl-clients-1.0-0.4mdvmes5.2.x86_64.rpm
 2b7931ecaf2750e3e93b2a27ec1fc1b7  mes5/x86_64/krb5-appl-servers-1.0-0.4mdvmes5.2.x86_64.rpm
 62be386cf2714b62c0dcf726163a21f9  mes5/x86_64/netkit-telnet-0.17-4.1mdvmes5.2.x86_64.rpm
 8e7a69ae9c164e7cfaa491902f217e37  mes5/x86_64/netkit-telnet-server-0.17-4.1mdvmes5.2.x86_64.rpm 
 59b4e672919fbe19e7c8caf2e3b2311d  mes5/SRPMS/heimdal-1.2-4.2mdvmes5.2.src.rpm
 e0370a8e16956bfe2029c0860874834a  mes5/SRPMS/krb5-appl-1.0-0.4mdvmes5.2.src.rpm
 eb7a4b09657da5fa0cf7b45784821a7c  mes5/SRPMS/netkit-telnet-0.17-4.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFO+wGbmqjQ0CJFipgRAmkNAKDB11PLbzRJ5vpQlKUxFEq2GY5NzwCcDlRI
kKseGX6MXQhqJQOeA8fZLUY=
=YpGI
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ