Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in krb5
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in krb5
ID: MDVSA-2015:069
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0, Mandriva Business Server 2.0
Datum: Fr, 27. März 2015, 18:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
Applikationen: MIT Kerberos

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1427474186-21314-7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:069
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : krb5
 Date    : March 27, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in krb5:
 
 The krb5_gss_process_context_token function in
 lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library
 in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2,
 and 1.13.x before 1.13.1 does not properly maintain security-context
 handles, which allows remote authenticated users to cause a denial of
 service (use-after-free and double free, and daemon crash) or possibly
 execute arbitrary code via crafted GSSAPI traffic, as demonstrated
 by traffic to kadmind (CVE-2014-5352).
 
 MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that
 a krb5_read_message data field is represented as a string ending
 with a '\0' character, which allows remote attackers to (1)
 cause a
 denial of service (NULL pointer dereference) via a zero-byte version
 string or (2) cause a denial of service (out-of-bounds read) by
 omitting the '\0' character, related to
 appl/user_user/server.c and
 lib/krb5/krb/recvauth.c (CVE-2014-5355).
 
 The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c
 in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2,
 and 1.13.x before 1.13.1 does not properly handle partial XDR
 deserialization, which allows remote authenticated users to cause
 a denial of service (use-after-free and double free, and daemon
 crash) or possibly execute arbitrary code via malformed XDR data,
 as demonstrated by data sent to kadmind (CVE-2014-9421).
 
 The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in
 kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through
 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to
 bypass a kadmin/* authorization check and obtain administrative access
 by leveraging access to a two-component principal with an initial
 kadmind substring, as demonstrated by a ka/x principal (CVE-2014-9422).
 
 The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c
 in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through
 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer
 data to clients, which allows remote attackers to obtain sensitive
 information from process heap memory by sniffing the network for data
 in a handle field (CVE-2014-9423).
 
 The updated packages provides a solution for these security issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 d16c14ab1f1118f6a45ca8b10946592d  mbs1/x86_64/krb5-1.9.2-3.9.mbs1.x86_64.rpm
 69550d4ca7209fd770d12f860dc79384 
 mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.9.mbs1.x86_64.rpm
 9efe0acd6d6c74fa2a909e9a9ffde20d 
 mbs1/x86_64/krb5-server-1.9.2-3.9.mbs1.x86_64.rpm
 11a94275292d6274d1ed4f97a1130f42 
 mbs1/x86_64/krb5-server-ldap-1.9.2-3.9.mbs1.x86_64.rpm
 fcc1186dd10cb14a2dc53f18505692b6 
 mbs1/x86_64/krb5-workstation-1.9.2-3.9.mbs1.x86_64.rpm
 6066de4cc667f3c1131d5aefd9e6d575 
 mbs1/x86_64/lib64krb53-1.9.2-3.9.mbs1.x86_64.rpm
 f2fc9461926ca7002dffbcc799e6050a 
 mbs1/x86_64/lib64krb53-devel-1.9.2-3.9.mbs1.x86_64.rpm 
 0d75002a9a47138a816f44dd54f5d988  mbs1/SRPMS/krb5-1.9.2-3.9.mbs1.src.rpm

 Mandriva Business Server 2/X86_64:
 d1d41c48bba7fc797361b0b0c1dc3cac  mbs2/x86_64/krb5-1.12.2-5.2.mbs2.x86_64.rpm
 36f8ec3d0e0c417dcfa4a6dd4944511f 
 mbs2/x86_64/krb5-pkinit-openssl-1.12.2-5.2.mbs2.x86_64.rpm
 db5ca7ca6bcd12a84a80e9f9e87989b7 
 mbs2/x86_64/krb5-server-1.12.2-5.2.mbs2.x86_64.rpm
 7733ebaaa61857f6603c3b83e646f840 
 mbs2/x86_64/krb5-server-ldap-1.12.2-5.2.mbs2.x86_64.rpm
 b44248c417e0a7fdd424608fa14d6cb6 
 mbs2/x86_64/krb5-workstation-1.12.2-5.2.mbs2.x86_64.rpm
 35c0bb1be4397c3a0b35e47b0b19ce48 
 mbs2/x86_64/lib64krb53-1.12.2-5.2.mbs2.x86_64.rpm
 1bd6f285438bd3c467ba6a31f9637ad1 
 mbs2/x86_64/lib64krb53-devel-1.12.2-5.2.mbs2.x86_64.rpm 
 2cbc3f6dc36592f29d219032fd1c2a5b  mbs2/SRPMS/krb5-1.12.2-5.2.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFXh8mqjQ0CJFipgRAl7VAJ45HBQZktx6Krmqmm70+JWinSoZ2ACfShV0
snDp2iHrVdrynbk0NtkpsOw=
=CKC9
-----END PGP SIGNATURE-----


------------=_1427474186-21314-7
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1427474186-21314-7--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung