Security: Multiple problems in krb5
Name: Multiple problems in krb5
ID: TLSA-2008-20
Distribution: TurboLinux
Platforms: Turbolinux 11 Server x64 Edition, Turbolinux 11 Server
Date: Tue, 17 June 2008, 03:50
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948
Applications: MIT Kerberos
Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-20
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 16 Jun 2008
Last revised: 16 Jun 2008
Package: krb5
Summary: Four vulnerabilities discovered in krb5
More information: Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords.
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. (CVE-2008-0062)
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." (CVE-2008-0063)
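The "uninitialized stack values" problem above is a general defect class, not something specific to Kerberos: a fixed-size reply buffer is only partly filled, but the whole buffer is handed to the sender. The following C is an added illustration written for this page, not krb5 code; REPLY_SIZE, the function names and the sample error text are assumptions. It shows the leaky pattern beside the hardened one (zero the buffer, transmit only the bytes actually written) and counts how many stale bytes each variant would put on the wire.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the "uninitialized stack values" defect class; not
 * krb5 code. REPLY_SIZE, the function names and the sample text are
 * assumptions for this demo. */
#define REPLY_SIZE 64

/* Vulnerable pattern: only the message text is written into the fixed-size
 * reply buffer, yet the caller is told to transmit the whole buffer, so the
 * bytes after the text go out holding whatever the buffer contained before. */
size_t build_error_reply_leaky(uint8_t *reply, size_t reply_size, const char *text)
{
    size_t n = strlen(text);
    if (n > reply_size)
        n = reply_size;
    memcpy(reply, text, n);       /* bytes [n, reply_size) are never touched */
    return reply_size;            /* ...but are sent anyway */
}

/* Hardened pattern: zero the buffer before use and report only the bytes
 * actually filled, so stale stack contents can never reach the wire. */
size_t build_error_reply_safe(uint8_t *reply, size_t reply_size, const char *text)
{
    size_t n = strlen(text);
    memset(reply, 0, reply_size);
    if (n > reply_size)
        n = reply_size;
    memcpy(reply, text, n);
    return n;
}

/* Count bytes after the text, within the length handed to the sender, that
 * are non-zero: each one is stale data leaving the process. */
size_t count_stale_bytes(const uint8_t *reply, size_t sent_len, size_t text_len)
{
    size_t stale = 0;
    for (size_t i = text_len; i < sent_len; i++)
        if (reply[i] != 0)
            stale++;
    return stale;
}

/* Simulate a reply buffer that still holds data from an earlier use of the
 * same stack region ('S' bytes, constructed for the demo), build an error
 * reply with the chosen variant and return how many stale bytes would be
 * transmitted. */
size_t leaked_bytes(int hardened)
{
    uint8_t reply[REPLY_SIZE];
    const char *text = "KDC_ERR";   /* constructed sample error text */
    memset(reply, 'S', sizeof reply);
    size_t sent = hardened
        ? build_error_reply_safe(reply, sizeof reply, text)
        : build_error_reply_leaky(reply, sizeof reply, text);
    return count_stale_bytes(reply, sent, strlen(text));
}

int main(void)
{
    printf("leaky variant transmits %zu stale bytes\n", leaked_bytes(0));
    printf("safe variant transmits %zu stale bytes\n", leaked_bytes(1));
    return 0;
}
```

The two fixes are independent and both matter: clearing the buffer removes the stale data, and returning the real length removes the over-long transmission, so a later change to either one does not reintroduce the leak.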
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors. (CVE-2008-0947)
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. (CVE-2008-0948)
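The two RPC-library entries above share one root cause: a select() table sized from the process descriptor limit rather than from what an fd_set can hold, so that opening enough descriptors makes FD_SET() write past the set. The C below is an added illustration of that defect class, not krb5's own rpc_dtablesize.c; the function names, and the use of sysconf(_SC_OPEN_MAX) as the descriptor-limit query, are assumptions. It shows the unchecked size query beside the clamped one and a registration helper that refuses out-of-range descriptors instead of corrupting memory.

```c
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Added illustration of the descriptor-table defect class; not krb5's own
 * rpc_dtablesize.c. Function names, and the use of sysconf(_SC_OPEN_MAX) as
 * the descriptor-limit query, are assumptions for this demo. */

/* Vulnerable pattern: take the process descriptor limit as the size of the
 * select() table. The limit can be many thousands, but an fd_set holds only
 * FD_SETSIZE descriptors, so once the process has opened enough files,
 * FD_SET() on a high-numbered descriptor writes past the end of the fd_set. */
int dtablesize_unchecked(void)
{
    long n = sysconf(_SC_OPEN_MAX);
    return n < 0 ? FD_SETSIZE : (int)n;
}

/* Hardened pattern: never report a table size larger than an fd_set can hold. */
int dtablesize_clamped(void)
{
    long n = sysconf(_SC_OPEN_MAX);
    if (n < 0 || n > FD_SETSIZE)
        return FD_SETSIZE;
    return (int)n;
}

/* Hardened registration: reject descriptors that would index past the end of
 * the fd_set instead of letting FD_SET() corrupt whatever follows it. */
int register_fd(fd_set *set, int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    return 0;
}

/* Probe: 1 if the descriptor number was accepted and is now set, 0 if it was
 * rejected as out of range for an fd_set. */
int register_probe(int fd)
{
    fd_set set;
    FD_ZERO(&set);
    if (register_fd(&set, fd) != 0)
        return 0;
    return FD_ISSET(fd, &set) ? 1 : 0;
}

int main(void)
{
    printf("FD_SETSIZE=%d, limit-derived table size=%d, clamped=%d\n",
           (int)FD_SETSIZE, dtablesize_unchecked(), dtablesize_clamped());
    printf("register fd 3: %d, register fd FD_SETSIZE: %d\n",
           register_probe(3), register_probe(FD_SETSIZE));
    return 0;
}
```

On a host with a raised open-files limit the first printf shows the gap between the limit-derived size and FD_SETSIZE; the guard in register_fd is what keeps that gap from becoming an out-of-bounds write.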
Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server

<Turbolinux 11 Server x64 Edition>
Source Packages                                Size      MD5
krb5-1.6.2-6.src.rpm                           15694136  2164e033af5b9fab1ac8f1e989e5d037
Binary Packages                                Size      MD5
krb5-devel-1.6.2-6.x86_64.rpm                  1183326   17beca80a2c47463f4b59dc374c123e5
krb5-libs-1.6.2-6.x86_64.rpm                   647569    9c8558ed8499d7a5c168efeb3884dfa0
krb5-server-1.6.2-6.x86_64.rpm                 792897    d7aac1eeb348f8304626ce3f6132664c
krb5-server-ldap-1.6.2-6.x86_64.rpm            100720    40b7533e3fbec8efec16fd4262a10307
krb5-workstation-1.6.2-6.x86_64.rpm            419278    f3bc804ad0ac2ec8be10ccddd5f646b8
krb5-workstation-clients-1.6.2-6.x86_64.rpm    281549    81b9bad638696d92376f5f39af5cd781
krb5-workstation-servers-1.6.2-6.x86_64.rpm    328828    1f82c7e6e9fdbbbdc8ddf3507c21096c

<Turbolinux 11 Server>
Source Packages                                Size      MD5
krb5-1.6.2-6.src.rpm                           15694136  2164e033af5b9fab1ac8f1e989e5d037
Binary Packages                                Size      MD5
krb5-devel-1.6.2-6.i686.rpm                    1182996   66103c59e6f7e83f7a384c0af6358459
krb5-libs-1.6.2-6.i686.rpm                     594784    76f27ba0b06e005fd83fa3f2347ac4ac
krb5-server-1.6.2-6.i686.rpm                   773580    2618fd0313bbe240f090e51628481107
krb5-server-ldap-1.6.2-6.i686.rpm              94822     93fd3dc621f3e19586612a1fd0debd5a
krb5-workstation-1.6.2-6.i686.rpm              406608    aeffd7e6b5ea9909e3751a84069b32e2
krb5-workstation-clients-1.6.2-6.i686.rpm      254299    e72727b32944dedde9718294e3165e4e
krb5-workstation-servers-1.6.2-6.i686.rpm      302565    6ca1203d342802402fe710c04fcf2169
References:
CVE
[CVE-2008-0062] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
[CVE-2008-0063] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
[CVE-2008-0947] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947
[CVE-2008-0948] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948

--------------------------------------------------------------------------
Revision History
16 Jun 2008 Initial release
--------------------------------------------------------------------------
Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhV5pYACgkQK0LzjOqIJMz8eACfTgQRDNKrgSqm8/0gT/81nw6M
EUIAnRxlwveMyml+BKPNRHsShIj4yMId
=X5AH
-----END PGP SIGNATURE-----