Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in krb5
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in krb5
ID: TLSA-2007-42
Distribution: TurboLinux
Plattformen: Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
Datum: Mi, 8. August 2007, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798
Applikationen: MIT Kerberos

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-42
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 07 Aug 2007
Last revised: 07 Aug 2007

Package: krb5

Summary: Three vulnerabilities discovered in krb5

More information:
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

- MIT Kerberos 5 might allow remote attackers to execute arbitrary code
via a zero-length RPC credential.
- MIT Kerberos 5 might allow remote attackers to execute arbitrary code
via a negative length value.
- MIT Kerberos allows remote authenticated users to execute arbitrary code.

Impact:
An unauthenticated remote user may be able to cause a host running
kadmind to execute arbitrary code.

Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server


<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

krb5-1.3.4-23.src.rpm
6408804 43fc0d00222d58d2bd0a62dc47da5a1e

Binary Packages
Size: MD5

krb5-devel-1.3.4-23.i586.rpm
656575 7161337a83a4654c5ff71693e8125acd
krb5-libs-1.3.4-23.i586.rpm
432543 9ba2b98088b063e61e778215542d888a
krb5-server-1.3.4-23.i586.rpm
779682 3b11b75d9354376c1114a60a96b440de
krb5-workstation-1.3.4-23.i586.rpm
840061 6ccd1e1f985a9361d6b6e817925fce9b

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

krb5-1.3.4-23.src.rpm
6408804 b4f209d2d9021ae739177e9fe5359966

Binary Packages
Size: MD5

krb5-devel-1.3.4-23.x86_64.rpm
691617 d18ae80ee5463644e8941afa0769ec23
krb5-libs-1.3.4-23.x86_64.rpm
471895 f2e3878c4a396b058108f8e53c2699be
krb5-server-1.3.4-23.x86_64.rpm
794425 ee3335a60b793a922f65852d4f25dca6
krb5-workstation-1.3.4-23.x86_64.rpm
887749 9c111470cd3e9d778f2b1dfdc25b5441

<Turbolinux 10 Server>

Source Packages
Size: MD5

krb5-1.3.4-23.src.rpm
6408804 43fc0d00222d58d2bd0a62dc47da5a1e

Binary Packages
Size: MD5

krb5-debug-1.3.4-23.i586.rpm
4017314 15168ddd9ec3dfdd37de466493d659ab
krb5-devel-1.3.4-23.i586.rpm
656575 7161337a83a4654c5ff71693e8125acd
krb5-libs-1.3.4-23.i586.rpm
432543 9ba2b98088b063e61e778215542d888a
krb5-server-1.3.4-23.i586.rpm
779682 3b11b75d9354376c1114a60a96b440de
krb5-workstation-1.3.4-23.i586.rpm
840061 6ccd1e1f985a9361d6b6e817925fce9b

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

krb5-1.2.5-22.src.rpm
5529257 3c1a173ecb71b9635e63a75325451f9d

Binary Packages
Size: MD5

krb5-devel-1.2.5-22.i586.rpm
578748 6b3359f12309e3908aa2496a9b33b7e3
krb5-libs-1.2.5-22.i586.rpm
344274 37a8539044cb7775f92b61d861b15bd6
krb5-server-1.2.5-22.i586.rpm
603213 0cc1e369e9e88906dd7b98a038b66ec8
krb5-workstation-1.2.5-22.i586.rpm
592535 619c219b8f00f4da59177050e20a0777

<Turbolinux 8 Server>

Source Packages
Size: MD5

krb5-1.2.5-22.src.rpm
5529257 7e801575fddb958863757244430b7e6a

Binary Packages
Size: MD5

krb5-devel-1.2.5-22.i586.rpm
577526 4abf9b4f23af6ca66a5f01c669c9830b
krb5-libs-1.2.5-22.i586.rpm
640406 60c2ee2c96d84bbf0320b25cd9cb2285
krb5-server-1.2.5-22.i586.rpm
604127 981c85d5c00c7ca9d9792cb70c78f0e1
krb5-workstation-1.2.5-22.i586.rpm
603224 f5543545d84352956009debc51a8f630


References:

MIT krb5 Security Advisory
[MIT krb5 Security Advisory 2007-004]
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt
[MIT krb5 Security Advisory 2007-005]
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-005.txt

CVE
[CVE-2007-2442]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
[CVE-2007-2443]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
[CVE-2007-2798]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798

--------------------------------------------------------------------------
Revision History
07 Aug 2007 Initial release
--------------------------------------------------------------------------

Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGuBO1K0LzjOqIJMwRAkkDAJ92468/vZ7gfY6QD+IqNr2Mhc3mOgCdEWQd
40GpsExSbvv6twWOb7KEE1M=
=3eeV
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung