Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2010:006 ] krb5
From: security () mandriva com
Date: Thu, 14 Jan 2010 03:26:00 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:006
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : krb5
 Date    : January 14, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in krb5:
 
 Multiple integer underflows in the (1) AES and (2) RC4 decryption
 functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3
 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause
 a denial of service (daemon crash) or possibly execute arbitrary code
 by providing ciphertext with a length that is too short to be valid
 (CVE-2009-4212).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 3f9877323a8682d46fc8964afe682b2a  2008.0/i586/ftp-client-krb5-1.6.2-7.4mdv2008.0.i586.rpm
 4a96d33bb0c2ebcc871dec7987271c31  2008.0/i586/ftp-server-krb5-1.6.2-7.4mdv2008.0.i586.rpm
 02f7b03f7b43d9f257ce87d470cc67dc  2008.0/i586/krb5-1.6.2-7.4mdv2008.0.i586.rpm
 33652872e25744551c5b926d172e3856  2008.0/i586/krb5-server-1.6.2-7.4mdv2008.0.i586.rpm
 8f5632e2f27e303c29d158af200f0f13  2008.0/i586/krb5-workstation-1.6.2-7.4mdv2008.0.i586.rpm
 18e849c5ea0e3a887d004bf73d07e79c  2008.0/i586/libkrb53-1.6.2-7.4mdv2008.0.i586.rpm
 b8fc5b5f329ff5c554d454798a105e14  2008.0/i586/libkrb53-devel-1.6.2-7.4mdv2008.0.i586.rpm
 95379b91c3c320b039ce77846edfff08  2008.0/i586/telnet-client-krb5-1.6.2-7.4mdv2008.0.i586.rpm
 b3b487d3d7a4f90b48b7d2ab3865989f  2008.0/i586/telnet-server-krb5-1.6.2-7.4mdv2008.0.i586.rpm 
 2036d31ad25108ec82fc1863986dfb7e  2008.0/SRPMS/krb5-1.6.2-7.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 301d16b552a89c7bdf8756738a9bc7be  2008.0/x86_64/ftp-client-krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
 7c15e38d490ee573c86a879f855c1541  2008.0/x86_64/ftp-server-krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
 1aab2b07a17ad1c5d44d8f23694f69ea  2008.0/x86_64/krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
 cc72244d669ea970cfa6c16d88b5f415  2008.0/x86_64/krb5-server-1.6.2-7.4mdv2008.0.x86_64.rpm
 f9a67df29f85dc9dbe5fc6c9686e7d04  2008.0/x86_64/krb5-workstation-1.6.2-7.4mdv2008.0.x86_64.rpm
 e90cfe766adb7ee3cfd15a7cc2840926  2008.0/x86_64/lib64krb53-1.6.2-7.4mdv2008.0.x86_64.rpm
 f341ee50fb9a7f739d509bcdcea1066c  2008.0/x86_64/lib64krb53-devel-1.6.2-7.4mdv2008.0.x86_64.rpm
 910d25bf1af5e907cc58391ee57ebf33  2008.0/x86_64/telnet-client-krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
 ab63da7669b7cf4b314a1401783a3c76  2008.0/x86_64/telnet-server-krb5-1.6.2-7.4mdv2008.0.x86_64.rpm 
 2036d31ad25108ec82fc1863986dfb7e  2008.0/SRPMS/krb5-1.6.2-7.4mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 a4b1364b79ec610e5ce69a6e424b0a7c  2009.0/i586/ftp-client-krb5-1.6.3-6.3mdv2009.0.i586.rpm
 fee93c3212018c016888f03f11212a96  2009.0/i586/ftp-server-krb5-1.6.3-6.3mdv2009.0.i586.rpm
 20f34652bb8f7c47686a93003ad9c5ae  2009.0/i586/krb5-1.6.3-6.3mdv2009.0.i586.rpm
 7597f35b3fba535cff3bd8902dc33d07  2009.0/i586/krb5-server-1.6.3-6.3mdv2009.0.i586.rpm
 6da86dceb4c78bee8db7b51807fec668  2009.0/i586/krb5-workstation-1.6.3-6.3mdv2009.0.i586.rpm
 fb201a257271cbdcc4593738b9113e25  2009.0/i586/libkrb53-1.6.3-6.3mdv2009.0.i586.rpm
 5942d94ad05d357c1a31dd9790368c60  2009.0/i586/libkrb53-devel-1.6.3-6.3mdv2009.0.i586.rpm
 2c7635939ff41721ea0c6cba421815c1  2009.0/i586/telnet-client-krb5-1.6.3-6.3mdv2009.0.i586.rpm
 1ca5ef8f0a48b9fc1e8c36a8dd362075  2009.0/i586/telnet-server-krb5-1.6.3-6.3mdv2009.0.i586.rpm 
 e7fd2cc66b4e98da26c3f91af3cbc525  2009.0/SRPMS/krb5-1.6.3-6.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 6275f96cc4343d9ba150bfb69a48c7b8  2009.0/x86_64/ftp-client-krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
 42fbda00420d8f44d75a4c9fab3ad9d5  2009.0/x86_64/ftp-server-krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
 936801a3bdee5c5b9e607bb7cd3d62c5  2009.0/x86_64/krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
 b56dbdd4152d22ee2acba1742ce74004  2009.0/x86_64/krb5-server-1.6.3-6.3mdv2009.0.x86_64.rpm
 8ae88653dc5691c0c7a1f332e5a33642  2009.0/x86_64/krb5-workstation-1.6.3-6.3mdv2009.0.x86_64.rpm
 99d8806257038016407df425343c56de  2009.0/x86_64/lib64krb53-1.6.3-6.3mdv2009.0.x86_64.rpm
 774240afcd37643f1679c4b9a9ce3962  2009.0/x86_64/lib64krb53-devel-1.6.3-6.3mdv2009.0.x86_64.rpm
 ee345eaba4e7fa8a72a2a913afeb9e9c  2009.0/x86_64/telnet-client-krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
 7347799b83f403d542a4508a21fa3183  2009.0/x86_64/telnet-server-krb5-1.6.3-6.3mdv2009.0.x86_64.rpm 
 e7fd2cc66b4e98da26c3f91af3cbc525  2009.0/SRPMS/krb5-1.6.3-6.3mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 bd940c4dbe3bbbf108b594cd9244371d  2009.1/i586/ftp-client-krb5-1.6.3-9.1mdv2009.1.i586.rpm
 41a83f30682b4561faa3dc7870b1231c  2009.1/i586/ftp-server-krb5-1.6.3-9.1mdv2009.1.i586.rpm
 5b29f9816936b6e7afa9b63820b95808  2009.1/i586/krb5-1.6.3-9.1mdv2009.1.i586.rpm
 8aafae4efbb0e8d1857cf96e2997688d  2009.1/i586/krb5-server-1.6.3-9.1mdv2009.1.i586.rpm
 630032e65b25747cafa372e574ba1586  2009.1/i586/krb5-workstation-1.6.3-9.1mdv2009.1.i586.rpm
 b31943f4cafc6ef9ffecc1608c99905e  2009.1/i586/libkrb53-1.6.3-9.1mdv2009.1.i586.rpm
 75fc0bd8c2b539960b01f174e72f54e4  2009.1/i586/libkrb53-devel-1.6.3-9.1mdv2009.1.i586.rpm
 12be918c75c4f7cb5f4784f60b2ec158  2009.1/i586/telnet-client-krb5-1.6.3-9.1mdv2009.1.i586.rpm
 01ec226f86423f5c6cf8b30d4c29db87  2009.1/i586/telnet-server-krb5-1.6.3-9.1mdv2009.1.i586.rpm 
 02b9bf1009a7e3008ed7cae62b675f55  2009.1/SRPMS/krb5-1.6.3-9.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 cef0e37c65bfb093867178fca02ab907  2009.1/x86_64/ftp-client-krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
 a7ac92a92d0b8c32650270c16b0283d9  2009.1/x86_64/ftp-server-krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
 c9f6ff66414fc599a6cab64a97467024  2009.1/x86_64/krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
 538d4e0927a67a94b71b2dff60ba7316  2009.1/x86_64/krb5-server-1.6.3-9.1mdv2009.1.x86_64.rpm
 0ba16572e547c68e1cf2f92e5dcfe15b  2009.1/x86_64/krb5-workstation-1.6.3-9.1mdv2009.1.x86_64.rpm
 3e663e156b9ae82e0fadf8b6f46690c7  2009.1/x86_64/lib64krb53-1.6.3-9.1mdv2009.1.x86_64.rpm
 2e680d93f015df4d90bce51c88cda06b  2009.1/x86_64/lib64krb53-devel-1.6.3-9.1mdv2009.1.x86_64.rpm
 2cbec209ac41a9ac6abdbd68cb41026f  2009.1/x86_64/telnet-client-krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
 774a2db3e4d5cac26a6ebccf38515263  2009.1/x86_64/telnet-server-krb5-1.6.3-9.1mdv2009.1.x86_64.rpm 
 02b9bf1009a7e3008ed7cae62b675f55  2009.1/SRPMS/krb5-1.6.3-9.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 9564e64639655042be33cfb07adc5b0b  2010.0/i586/ftp-client-krb5-1.6.3-10.1mdv2010.0.i586.rpm
 a865166a92ce13223b4190c7fb565a33  2010.0/i586/ftp-server-krb5-1.6.3-10.1mdv2010.0.i586.rpm
 688a8ecbdd3bb15d58dc8295644bb156  2010.0/i586/krb5-1.6.3-10.1mdv2010.0.i586.rpm
 97b7799f4c8d6c94a48bb9b3f26011c0  2010.0/i586/krb5-server-1.6.3-10.1mdv2010.0.i586.rpm
 4bfc674dc65684e19ec8227aed05a197  2010.0/i586/krb5-workstation-1.6.3-10.1mdv2010.0.i586.rpm
 9091b1c647849b00eb5c21b2fa94c2e4  2010.0/i586/libkrb53-1.6.3-10.1mdv2010.0.i586.rpm
 f4f3e295f6df824bed200dcf279ca783  2010.0/i586/libkrb53-devel-1.6.3-10.1mdv2010.0.i586.rpm
 ff64a92f06e6f195858df9bf9c8ed553  2010.0/i586/telnet-client-krb5-1.6.3-10.1mdv2010.0.i586.rpm
 3b69b319ddf80606333f4ba9f2eaab1e  2010.0/i586/telnet-server-krb5-1.6.3-10.1mdv2010.0.i586.rpm 
 eed078830ca8c373a67a36659f4156f7  2010.0/SRPMS/krb5-1.6.3-10.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 a8ca79e8c3545f27cccec7263938fa58  2010.0/x86_64/ftp-client-krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
 61ea43e5c1231ced9d4dbe512797d95c  2010.0/x86_64/ftp-server-krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
 55dfc203493c90de20dac60b68e459c6  2010.0/x86_64/krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
 6a5c2e2650a76a04d14cf2192dc538b4  2010.0/x86_64/krb5-server-1.6.3-10.1mdv2010.0.x86_64.rpm
 be19d730d33044d4590173e3e9ba2133  2010.0/x86_64/krb5-workstation-1.6.3-10.1mdv2010.0.x86_64.rpm
 a8d3b964ad62ff26949ecd00db886bff  2010.0/x86_64/lib64krb53-1.6.3-10.1mdv2010.0.x86_64.rpm
 f459014d92766147b96cbd9d66080d9d  2010.0/x86_64/lib64krb53-devel-1.6.3-10.1mdv2010.0.x86_64.rpm
 7a74b79812a6698fe525c72dd98d921e  2010.0/x86_64/telnet-client-krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
 577e8189b4f47b9842ec8efdbd6c8807  2010.0/x86_64/telnet-server-krb5-1.6.3-10.1mdv2010.0.x86_64.rpm 
 eed078830ca8c373a67a36659f4156f7  2010.0/SRPMS/krb5-1.6.3-10.1mdv2010.0.src.rpm

 Corporate 4.0:
 11d1e94b3a744f25b1f213f503a8b55b  corporate/4.0/i586/ftp-client-krb5-1.4.3-5.8.20060mlcs4.i586.rpm
 1e982756728c4ec0f6a22706e56fdc55  corporate/4.0/i586/ftp-server-krb5-1.4.3-5.8.20060mlcs4.i586.rpm
 519ea60566ff8d244ef91bc7a8e6b04e  corporate/4.0/i586/krb5-server-1.4.3-5.8.20060mlcs4.i586.rpm
 3fbc6a845ad8e98d6386970e21ed4cc7  corporate/4.0/i586/krb5-workstation-1.4.3-5.8.20060mlcs4.i586.rpm
 20f8ec3a710b7b79c9eefdc81f482ce1  corporate/4.0/i586/libkrb53-1.4.3-5.8.20060mlcs4.i586.rpm
 ad8100f3ae7d7b9aa509b3170b0ac06f  corporate/4.0/i586/libkrb53-devel-1.4.3-5.8.20060mlcs4.i586.rpm
 02fcbbb73c1215b5ce8f91a56090df6c  corporate/4.0/i586/telnet-client-krb5-1.4.3-5.8.20060mlcs4.i586.rpm
 d0dfe23c09df8bca5868a3dd3d81089d  corporate/4.0/i586/telnet-server-krb5-1.4.3-5.8.20060mlcs4.i586.rpm 
 c9dd7050a59cb960bc59d01e483c03f8  corporate/4.0/SRPMS/krb5-1.4.3-5.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 9905fff64fe507df407d33b2c46c557e  corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.8.20060mlcs4.x86_64.rpm
 16811f6f81fc25320addad1407adbae6  corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.8.20060mlcs4.x86_64.rpm
 7e3843649e333d06f44953ba4d4c94bd  corporate/4.0/x86_64/krb5-server-1.4.3-5.8.20060mlcs4.x86_64.rpm
 db6163aa45a273d11317520cdb0f18d9  corporate/4.0/x86_64/krb5-workstation-1.4.3-5.8.20060mlcs4.x86_64.rpm
 85c0e587bc48849e54d1e4127b66558e  corporate/4.0/x86_64/lib64krb53-1.4.3-5.8.20060mlcs4.x86_64.rpm
 6716a25c13927ca9f6e0911247a6b876  corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.8.20060mlcs4.x86_64.rpm
 99fa0b4fc421b693f54bf879bbe3c047  corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.8.20060mlcs4.x86_64.rpm
 f9cbce455397f88045252285e3a64bd8  corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.8.20060mlcs4.x86_64.rpm 
 c9dd7050a59cb960bc59d01e483c03f8  corporate/4.0/SRPMS/krb5-1.4.3-5.8.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 d50077d7d3b27f062ae467e549cd7b9f  mes5/i586/ftp-client-krb5-1.6.3-6.3mdvmes5.i586.rpm
 bf657fb82c0a36c8529ef04f0011c400  mes5/i586/ftp-server-krb5-1.6.3-6.3mdvmes5.i586.rpm
 6a4ff9bd908826bb24f1f6d9137689e4  mes5/i586/krb5-1.6.3-6.3mdvmes5.i586.rpm
 3027f3803ce6c7e2717f66b77d302bce  mes5/i586/krb5-server-1.6.3-6.3mdvmes5.i586.rpm
 d201545cdd247981dec705d241338bbf  mes5/i586/krb5-workstation-1.6.3-6.3mdvmes5.i586.rpm
 ade134ee20c6b125a70f2c5abf7e62fb  mes5/i586/libkrb53-1.6.3-6.3mdvmes5.i586.rpm
 19984a6230fcf62b212428a9b803b7b0  mes5/i586/libkrb53-devel-1.6.3-6.3mdvmes5.i586.rpm
 190a03e8f7adb0d0f8a379686cb2ebd8  mes5/i586/telnet-client-krb5-1.6.3-6.3mdvmes5.i586.rpm
 e32d3dbd5f13fc6d72eb8556a3c9e6e8  mes5/i586/telnet-server-krb5-1.6.3-6.3mdvmes5.i586.rpm 
 0a2e367569882611418e9598385060e0  mes5/SRPMS/krb5-1.6.3-6.3mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 5ea302ca4e8396db1c1f2042be2c94dc  mes5/x86_64/ftp-client-krb5-1.6.3-6.3mdvmes5.x86_64.rpm
 6a3a878b4f60c3f9120380d2fcadf2af  mes5/x86_64/ftp-server-krb5-1.6.3-6.3mdvmes5.x86_64.rpm
 90c75c976fa6a17262fed6d79caccd9d  mes5/x86_64/krb5-1.6.3-6.3mdvmes5.x86_64.rpm
 0313f491dc95f84ecc45364517e5ba67  mes5/x86_64/krb5-server-1.6.3-6.3mdvmes5.x86_64.rpm
 067614ffabfd4022f80a7d8f597040da  mes5/x86_64/krb5-workstation-1.6.3-6.3mdvmes5.x86_64.rpm
 8c78c5dda0926034d5ece745b54f00ba  mes5/x86_64/lib64krb53-1.6.3-6.3mdvmes5.x86_64.rpm
 c0c2c1ab821ea82c6d3172545f2d5964  mes5/x86_64/lib64krb53-devel-1.6.3-6.3mdvmes5.x86_64.rpm
 d03ed0167fd730966550a154dcd25dea  mes5/x86_64/telnet-client-krb5-1.6.3-6.3mdvmes5.x86_64.rpm
 d6c921c559d457fdb223b29b652946c6  mes5/x86_64/telnet-server-krb5-1.6.3-6.3mdvmes5.x86_64.rpm 
 0a2e367569882611418e9598385060e0  mes5/SRPMS/krb5-1.6.3-6.3mdvmes5.src.rpm

 Multi Network Firewall 2.0:
 8188672e283e7da25f3eb40e74e9076f  mnf/2.0/i586/ftp-client-krb5-1.3-6.12.M20mdk.i586.rpm
 fee1405f8ffd2dc543c0940622489f42  mnf/2.0/i586/ftp-server-krb5-1.3-6.12.M20mdk.i586.rpm
 a03f612767fbd3086da601342dae6976  mnf/2.0/i586/krb5-server-1.3-6.12.M20mdk.i586.rpm
 e8dede7893cea03f48ca05a916435908  mnf/2.0/i586/krb5-workstation-1.3-6.12.M20mdk.i586.rpm
 9c67f6a724c630e005fa089543db4e01  mnf/2.0/i586/libkrb51-1.3-6.12.M20mdk.i586.rpm
 dced641a293b9f03eeb6a71562a9eea9  mnf/2.0/i586/libkrb51-devel-1.3-6.12.M20mdk.i586.rpm
 37ba8ce1cef8294236737f8b5c7b9452  mnf/2.0/i586/telnet-client-krb5-1.3-6.12.M20mdk.i586.rpm
 a21c4de771c3bed1ed0ac5ee2adcc4c7  mnf/2.0/i586/telnet-server-krb5-1.3-6.12.M20mdk.i586.rpm 
 ae1202ff24cc4705c50fcf19ebbead3e  mnf/2.0/SRPMS/krb5-1.3-6.12.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLTlEsmqjQ0CJFipgRAnCcAJ0b0JhMdewhYqHwbTvOjCC6nZsZ3wCdHcmw
Ac0nN6ORevU6+zoGxZNiXL4=
=dKt1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2010:006 ] krb5 security (Jan 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault