Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ MDVSA-2010:246 ] krb5
From: security () mandriva com
Date: Wed, 01 Dec 2010 03:14:01 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:246
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : November 30, 2010
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in krb5:
 
 An unauthenticated remote attacker could alter a SAM-2 challenge,
 affecting the prompt text seen by the user or the kind of response
 sent to the KDC. Under some circumstances, this can negate the
 incremental security benefit of using a single-use authentication
 mechanism token. An unauthenticated remote attacker has a 1/256
 chance of forging KRB-SAFE messages in an application protocol if the
 targeted pre-existing session uses an RC4 session key.  Few application
 protocols use KRB-SAFE messages (CVE-2010-1323).
 
 An unauthenticated remote attacker can forge GSS tokens that
 are intended to be integrity-protected but unencrypted, if the
 targeted pre-existing application session uses a DES session key. An
 authenticated remote attacker can forge PACs if using a KDC that does
 not filter client-provided PAC data.  This can result in privilege
 escalation against a service that relies on PAC contents to make
 authorization decisions. An unauthenticated remote attacker has a 1/256
 chance of swapping a client-issued KrbFastReq into a different KDC-REQ,
 if the armor key is RC4.  The consequences are believed to be minor
 (CVE-2010-1324).
 
 An authenticated remote attacker that controls a legitimate service
 principal has a 1/256 chance of forging the AD-SIGNEDPATH signature
 if the TGT key is RC4, allowing it to use self-generated evidence
 tickets for S4U2Proxy, instead of tickets obtained from the user or
 with S4U2Self.  Configurations using RC4 for the TGT key are believed
 to be rare. An authenticated remote attacker has a 1/256 chance of
 forging AD-KDC-ISSUED signatures on authdata elements in tickets
 having an RC4 service key, resulting in privilege escalation against
 a service that relies on these signatures.  There are no known uses
 of the KDC-ISSUED authdata container at this time (CVE-2010-4020.
 
 An authenticated remote attacker that controls a legitimate service
 principal could obtain a valid service ticket to itself containing
 valid KDC-generated authorization data for a client whose TGS-REQ
 it has intercepted.  The attacker could then use this ticket for
 S4U2Proxy to impersonate the targeted client even if the client never
 authenticated to the subverted service.  The vulnerable configuration
 is believed to be rare (CVE-2010-4021).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4020
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 317a56866c53118e056d608da7816501  2010.1/i586/krb5-1.8.1-5.2mdv2010.1.i586.rpm
 68e604c5a993bd22e070497c3715bfd8  2010.1/i586/krb5-pkinit-openssl-1.8.1-5.2mdv2010.1.i586.rpm
 3a476ea497511ba4bfc0f9f43b70119f  2010.1/i586/krb5-server-1.8.1-5.2mdv2010.1.i586.rpm
 157af42ca6878241e980f58bd88907ed  2010.1/i586/krb5-server-ldap-1.8.1-5.2mdv2010.1.i586.rpm
 8d9eda88b29423366de6010987760e66  2010.1/i586/krb5-workstation-1.8.1-5.2mdv2010.1.i586.rpm
 9939fd490b146b8e26daf85b04532e61  2010.1/i586/libkrb53-1.8.1-5.2mdv2010.1.i586.rpm
 1970bef02c46809aef5ca1b44c8069c1  2010.1/i586/libkrb53-devel-1.8.1-5.2mdv2010.1.i586.rpm 
 b0409a3b64885ed84ef9cc04968be3f7  2010.1/SRPMS/krb5-1.8.1-5.2mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 71db4c06e7e87c9faa0318ddc0562707  2010.1/x86_64/krb5-1.8.1-5.2mdv2010.1.x86_64.rpm
 04cd23f2d43a498ccba0868195f23490  2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.2mdv2010.1.x86_64.rpm
 b66e2c6625cc69131e4d1b44d7c05534  2010.1/x86_64/krb5-server-1.8.1-5.2mdv2010.1.x86_64.rpm
 ceb54db5b54e163c548cd84249266192  2010.1/x86_64/krb5-server-ldap-1.8.1-5.2mdv2010.1.x86_64.rpm
 1508414b03cf6b12f583249c4b0be6ee  2010.1/x86_64/krb5-workstation-1.8.1-5.2mdv2010.1.x86_64.rpm
 e75aa825ac83bddfc61a00dd7daf33fb  2010.1/x86_64/lib64krb53-1.8.1-5.2mdv2010.1.x86_64.rpm
 83acc481c2ab4cdb18df2a1719e6a57a  2010.1/x86_64/lib64krb53-devel-1.8.1-5.2mdv2010.1.x86_64.rpm 
 b0409a3b64885ed84ef9cc04968be3f7  2010.1/SRPMS/krb5-1.8.1-5.2mdv2010.1.src.rpm

 Mandriva Enterprise Server 5:
 cafa2595564ca56d375c34706d052cbd  mes5/i586/krb5-1.8.1-0.3mdvmes5.1.i586.rpm
 9e964b4e75ef29006b4d9c9c7d4b0580  mes5/i586/krb5-pkinit-openssl-1.8.1-0.3mdvmes5.1.i586.rpm
 c745399130544a19ae434c93a25e705d  mes5/i586/krb5-server-1.8.1-0.3mdvmes5.1.i586.rpm
 b9f780014082d8779b2c70814cb61152  mes5/i586/krb5-server-ldap-1.8.1-0.3mdvmes5.1.i586.rpm
 2da137c3dd3765452349d0514d0183f1  mes5/i586/krb5-workstation-1.8.1-0.3mdvmes5.1.i586.rpm
 85c4e6711c347bd7b9562d951c951e94  mes5/i586/libkrb53-1.8.1-0.3mdvmes5.1.i586.rpm
 bdb842aaaffdad42969416f3e61bbce9  mes5/i586/libkrb53-devel-1.8.1-0.3mdvmes5.1.i586.rpm 
 3cc5cc2331d3ff2805850d14fcbccf35  mes5/SRPMS/krb5-1.8.1-0.3mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 ffdd682d681783fddeada0cd0e605757  mes5/x86_64/krb5-1.8.1-0.3mdvmes5.1.x86_64.rpm
 e7b85d0d7387bd68303bc9364a711fef  mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.3mdvmes5.1.x86_64.rpm
 7717e0e24d81862ae84ff03720ca5619  mes5/x86_64/krb5-server-1.8.1-0.3mdvmes5.1.x86_64.rpm
 a5043665e33fbbe7c2a9fd6bf05fe808  mes5/x86_64/krb5-server-ldap-1.8.1-0.3mdvmes5.1.x86_64.rpm
 f367fd174eeef3097e766e8183e81c68  mes5/x86_64/krb5-workstation-1.8.1-0.3mdvmes5.1.x86_64.rpm
 f6c823372133d690539facf101d8e224  mes5/x86_64/lib64krb53-1.8.1-0.3mdvmes5.1.x86_64.rpm
 0640da1f402bdd872d8e40b8f4c62736  mes5/x86_64/lib64krb53-devel-1.8.1-0.3mdvmes5.1.x86_64.rpm 
 3cc5cc2331d3ff2805850d14fcbccf35  mes5/SRPMS/krb5-1.8.1-0.3mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM9YOomqjQ0CJFipgRAlPZAJsE6YTtQkLcCSJAD8RBAHAQ2/a0mQCfb+P6
TOZt1Ytga9P1D/l/hD5I1uA=
=J5Ih
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [ MDVSA-2010:246 ] krb5 security (Dec 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]