Security: Multiple issues in krb5

Name: Multiple issues in krb5
ID: RHSA-2007:0562-01
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux
Date: Tue, 26 June 2007, 20:59
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798
Applications: MIT Kerberos

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: krb5 security update
Advisory ID: RHSA-2007:0562-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0562.html
Issue date: 2007-06-26
Updated on: 2007-06-26
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-2442 CVE-2007-2443 CVE-2007-2798
- ---------------------------------------------------------------------
1. Summary:
Updated krb5 packages that fix several security flaws are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
Kerberos is a network authentication system which allows clients and servers to authenticate to each other through use of symmetric encryption and a trusted third party, the KDC. kadmind is the KADM5 administration server.
David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux 4 and 5, glibc detects attempts to free invalid pointers. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2442)
David Coffey also discovered an overflow flaw in the RPC library used by kadmind. On Red Hat Enterprise Linux, exploitation of this flaw is limited to a denial of service. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443)
A stack buffer overflow flaw was found in kadmind. An authenticated attacker who can access kadmind could trigger this flaw and potentially execute arbitrary code on the Kerberos server. (CVE-2007-2798)
Users of krb5-server are advised to update to these erratum packages which contain backported fixes to correct these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
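A check an administrator could run over an inventory of krb5-server builds, added here as an example (it is not part of the Red Hat advisory): because the fixes are backported, the upstream version number does not change and the RPM release number decides whether a build is patched. The fixed builds 1.3.4-49 and 1.5-26 are taken from section 6; the host names and installed builds are constructed, and epochs are ignored.

```python
import re

# Fixed krb5 builds from section 6 of the advisory, keyed by RHEL major release.
FIXED = {"4": ("1.3.4", "49"), "5": ("1.5", "26")}

# Constructed inventory: (host, RHEL major, installed krb5-server VERSION-RELEASE).
SAMPLE = [
    ("kdc-a", "4", "1.3.4-46"),
    ("kdc-b", "4", "1.3.4-49"),
    ("kdc-c", "5", "1.5-9"),
    ("kdc-d", "5", "1.5-26"),
]


def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1.

    Simplified form of RPM's ordering: runs of digits compare as integers,
    runs of letters as strings, and a numeric run beats an alphabetic one.
    Epochs and the '~' / '^' modifiers are not handled.
    """
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def needs_update(rhel_major, installed):
    """True if an installed VERSION-RELEASE is older than the fixed build."""
    version, release = installed.rsplit("-", 1)
    fixed_version, fixed_release = FIXED[rhel_major]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order < 0


def unpatched(inventory):
    """Return the hosts whose krb5-server build predates the erratum."""
    return [host for host, major, build in inventory if needs_update(major, build)]


if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

The installed value can be collected per host with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' krb5-server`; note that release 9 sorts below 26 only because numeric runs are compared as integers.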
5. Bug IDs fixed (http://bugzilla.redhat.com/):
245547 - CVE-2007-2442 krb5 RPC library uninitialized pointer free
245548 - CVE-2007-2443 krb5 RPC library stack overflow
245549 - CVE-2007-2798 krb5 kadmind buffer overflow
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/krb5-1.3.4-49.src.rpm 31d66f8b81a412d2b527a1d2e34a6e29 krb5-1.3.4-49.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/krb5-1.3.4-49.src.rpm 31d66f8b81a412d2b527a1d2e34a6e29 krb5-1.3.4-49.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/krb5-1.3.4-49.src.rpm 31d66f8b81a412d2b527a1d2e34a6e29 krb5-1.3.4-49.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/krb5-1.3.4-49.src.rpm 31d66f8b81a412d2b527a1d2e34a6e29 krb5-1.3.4-49.src.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS: krb5-1.5-26.src.rpm 54a438d47dd34ba75bdbcfb53e9f3832 krb5-1.5-26.src.rpm
RHEL Desktop Workstation (v. 5 client):
SRPMS: krb5-1.5-26.src.rpm 54a438d47dd34ba75bdbcfb53e9f3832 krb5-1.5-26.src.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS: krb5-1.5-26.src.rpm 54a438d47dd34ba75bdbcfb53e9f3832 krb5-1.5-26.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGgWEvXlSAg2UNWIIRAgR9AJ0fr6dNUpVnlchc61BFJMUPuwr1zACgj0TI gX8igBrxPqScFGmUU33fGbE= =rUM/ -----END PGP SIGNATURE-----