Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in krb5
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in krb5
ID: MDVSA-2008:071
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0
Datum: Mi, 19. März 2008, 23:17
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
Applikationen: krb5

Originalnachricht

This is a multi-part message in MIME format...

------------=_1205965020-11275-1452


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:071
http://www.mandriva.com/security/
_______________________________________________________________________

Package : krb5
Date : March 19, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4
protocol packets. An unauthenticated remote attacker could use this
flaw to crash the krb5kdc daemon, disclose portions of its memory,
or possibly %execute arbitrary code using malformed or truncated
Kerberos v4 protocol requests (CVE-2008-0062, CVE-2008-0063).

This issue only affects krb5kdc when it has Kerberos v4 protocol
compatibility enabled, which is a compiled-in default in all
Kerberos versions that Mandriva Linux ships prior to Mandriva
Linux 2008.0. Kerberos v4 protocol support can be disabled by
adding v4_mode=none (without quotes) to the [kdcdefaults] section
of /etc/kerberos/krb5kdc/kdc.conf.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
d671c7e0f68642556b1ba5a33d26eaf8
corporate/3.0/i586/ftp-client-krb5-1.3-6.10.C30mdk.i586.rpm
9e5a2591cee10ed62948f6d30e836863
corporate/3.0/i586/ftp-server-krb5-1.3-6.10.C30mdk.i586.rpm
7e8fc318772ff7dcd22f5b1c81bbfe6d
corporate/3.0/i586/krb5-server-1.3-6.10.C30mdk.i586.rpm
45838af9454ffc5f6c06a505b4468c83
corporate/3.0/i586/krb5-workstation-1.3-6.10.C30mdk.i586.rpm
fbdb6f71d9e2a939bbea33312b74c998
corporate/3.0/i586/libkrb51-1.3-6.10.C30mdk.i586.rpm
50f964ee10fc744553a862c918913b03
corporate/3.0/i586/libkrb51-devel-1.3-6.10.C30mdk.i586.rpm
667270f39306bd837b08b310a189f75d
corporate/3.0/i586/telnet-client-krb5-1.3-6.10.C30mdk.i586.rpm
a5a4a1a64c14164e1755ad37e35cf99d
corporate/3.0/i586/telnet-server-krb5-1.3-6.10.C30mdk.i586.rpm
07535be43a1e339a0ba69cc167fbb530
corporate/3.0/SRPMS/krb5-1.3-6.10.C30mdk.src.rpm

Corporate 3.0/X86_64:
0f693533eea0d49c60b20c40e6b5a872
corporate/3.0/x86_64/ftp-client-krb5-1.3-6.10.C30mdk.x86_64.rpm
061429249b1cc62647c3a95d6b2a3d8b
corporate/3.0/x86_64/ftp-server-krb5-1.3-6.10.C30mdk.x86_64.rpm
bda82007dd59af28240d51ca020370d1
corporate/3.0/x86_64/krb5-server-1.3-6.10.C30mdk.x86_64.rpm
9d7e810eacfc17774ee33a438cdc196d
corporate/3.0/x86_64/krb5-workstation-1.3-6.10.C30mdk.x86_64.rpm
b4abcda997c06b142bbae27cf3e617ef
corporate/3.0/x86_64/lib64krb51-1.3-6.10.C30mdk.x86_64.rpm
e3692fe347ec21c7fd25a581ef817d66
corporate/3.0/x86_64/lib64krb51-devel-1.3-6.10.C30mdk.x86_64.rpm
c5da9da1f3aa15a0966f8d1644748340
corporate/3.0/x86_64/telnet-client-krb5-1.3-6.10.C30mdk.x86_64.rpm
fd9ff563b0d3d58705eb3b2b4aeebc11
corporate/3.0/x86_64/telnet-server-krb5-1.3-6.10.C30mdk.x86_64.rpm
07535be43a1e339a0ba69cc167fbb530
corporate/3.0/SRPMS/krb5-1.3-6.10.C30mdk.src.rpm

Multi Network Firewall 2.0:
fa4c3506c056e55862b4db41e134db1c
mnf/2.0/i586/libkrb51-1.3-6.10.M20mdk.i586.rpm
5c5caff1487f3284ba0c9529a831405e mnf/2.0/SRPMS/krb5-1.3-6.10.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH4WQ2mqjQ0CJFipgRAme0AJ9fNnZituwkl8Yx1PIECEds/A5s0QCg1ETW
G9i9EWrOhEC/prfZ6UhjyX8=
=RDH6
-----END PGP SIGNATURE-----


------------=_1205965020-11275-1452
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1205965020-11275-1452--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung