Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
4c85472c6c076fc42ea60fe1902ed6ac8df4cba85d66cc80bb7857e1689352c5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:077
https://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : April 4, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in the username handling of the MIT krb5
telnet daemon. A remote attacker that could access the telnet port
of a target machine could login as root without requiring a password
(CVE-2007-0956).
Buffer overflows in the kadmin server daemon were discovered that could
be exploited by a remote attacker able to access the KDC. Successful
exploitation could allow for the execution of arbitrary code with the
privileges of the KDC or kadmin server processes (CVE-2007-0957).
Finally, a double-free flaw was discovered in the GSSAPI library used
by the kadmin server daemon, which could lead to a denial of service
condition or the execution of arbitrary code with the privileges of
the KDC or kadmin server processes (CVE-2007-1216).
Updated packages have been patched to address this issue.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
f76875e9839deaf87628a3c7e0a81632 2006.0/i586/ftp-client-krb5-1.4.2-2.2.20060mdk.i586.rpm
d2448392e0c350d3ca488d2e73e57f6d 2006.0/i586/ftp-server-krb5-1.4.2-2.2.20060mdk.i586.rpm
42e6330603ecaed04ea0649f7050a4c1 2006.0/i586/krb5-server-1.4.2-2.2.20060mdk.i586.rpm
adadd1cad1f1bc5f01809a508d2b8fd1 2006.0/i586/krb5-workstation-1.4.2-2.2.20060mdk.i586.rpm
ab8987522600f8e629901563e3be90c2 2006.0/i586/libkrb53-1.4.2-2.2.20060mdk.i586.rpm
7d70bb7bb821c3e91e9d062330528815 2006.0/i586/libkrb53-devel-1.4.2-2.2.20060mdk.i586.rpm
f4104abdc22e16574bcddde0a178d935 2006.0/i586/telnet-client-krb5-1.4.2-2.2.20060mdk.i586.rpm
110f54ead0abc486faa1f2b47057122b 2006.0/i586/telnet-server-krb5-1.4.2-2.2.20060mdk.i586.rpm
8cc03b4b7cc34cb3c2b53e4f9f9b73dd 2006.0/SRPMS/krb5-1.4.2-2.2.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
0f2d7c3fc50552aa586dd6c5b12a5b85 2006.0/x86_64/ftp-client-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
bbd94e005c67b4b94cf544b736028416 2006.0/x86_64/ftp-server-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
f406f21d7b210ae6d489c77c15d34a60 2006.0/x86_64/krb5-server-1.4.2-2.2.20060mdk.x86_64.rpm
9d00284ec202ed44e63266698a1d85e6 2006.0/x86_64/krb5-workstation-1.4.2-2.2.20060mdk.x86_64.rpm
8ca28a4cc9eb7f292a1d73b975740fab 2006.0/x86_64/lib64krb53-1.4.2-2.2.20060mdk.x86_64.rpm
565b9a19c5cf7b94dcf28e1bc1e21d2e 2006.0/x86_64/lib64krb53-devel-1.4.2-2.2.20060mdk.x86_64.rpm
5c931d032ce9d3ed91a4e4b04f20bfb8 2006.0/x86_64/telnet-client-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
27b39ae245a43322d4abbb4191da56ac 2006.0/x86_64/telnet-server-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
8cc03b4b7cc34cb3c2b53e4f9f9b73dd 2006.0/SRPMS/krb5-1.4.2-2.2.20060mdk.src.rpm
Mandriva Linux 2007.0:
6dfbc8eef1479cce19c957bbed4457aa 2007.0/i586/ftp-client-krb5-1.4.3-6.1mdv2007.0.i586.rpm
54ff3fe8a117603f8700e96f34a1b33a 2007.0/i586/ftp-server-krb5-1.4.3-6.1mdv2007.0.i586.rpm
2caf0205301d01a6be4ad1506944ba39 2007.0/i586/krb5-server-1.4.3-6.1mdv2007.0.i586.rpm
b7b4a4f4b1fa356ca6468ffece1dfce8 2007.0/i586/krb5-workstation-1.4.3-6.1mdv2007.0.i586.rpm
ab253c6ad6ecd7c15c1d150f5ed34091 2007.0/i586/libkrb53-1.4.3-6.1mdv2007.0.i586.rpm
f192ef28bb37286be1e291761d3ced9c 2007.0/i586/libkrb53-devel-1.4.3-6.1mdv2007.0.i586.rpm
d208fcaa1c5069c657815061ed3b2687 2007.0/i586/telnet-client-krb5-1.4.3-6.1mdv2007.0.i586.rpm
0f95ea728eca0962591d142c74238700 2007.0/i586/telnet-server-krb5-1.4.3-6.1mdv2007.0.i586.rpm
87c94334c61bc67e3ef95e930ee72149 2007.0/SRPMS/krb5-1.4.3-6.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
02a5ebc046e0cb9133162ce621fb3b1f 2007.0/x86_64/ftp-client-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
0a2b6ae87af0ed4ec445b65531d3408a 2007.0/x86_64/ftp-server-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
e2958d861bb45c52be5cad5bbf08ef35 2007.0/x86_64/krb5-server-1.4.3-6.1mdv2007.0.x86_64.rpm
fac1f28b2c5a2065ffa772e2e1cb6d70 2007.0/x86_64/krb5-workstation-1.4.3-6.1mdv2007.0.x86_64.rpm
36bcd1fb2e859c637256680ca4fc468b 2007.0/x86_64/lib64krb53-1.4.3-6.1mdv2007.0.x86_64.rpm
7d936ed2b1441714205e987bd63a2ec5 2007.0/x86_64/lib64krb53-devel-1.4.3-6.1mdv2007.0.x86_64.rpm
4754b9b3ce36cad7d3dfa852a03d7fe0 2007.0/x86_64/telnet-client-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
71832a8dcf70b4e46b0bb9bc3343860d 2007.0/x86_64/telnet-server-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
87c94334c61bc67e3ef95e930ee72149 2007.0/SRPMS/krb5-1.4.3-6.1mdv2007.0.src.rpm
Corporate 3.0:
02c99157c7a70bcf69309e4ef15dd886 corporate/3.0/i586/ftp-client-krb5-1.3-6.8.C30mdk.i586.rpm
3f58daeaaed40d88f74507049966df22 corporate/3.0/i586/ftp-server-krb5-1.3-6.8.C30mdk.i586.rpm
3703251ed231c0df3bc0d2477ef77f6a corporate/3.0/i586/krb5-server-1.3-6.8.C30mdk.i586.rpm
ff9ca353c32ed0c0a655ef9a4179c751 corporate/3.0/i586/krb5-workstation-1.3-6.8.C30mdk.i586.rpm
de0c33d4bc2fc6b61d365f91e366bd67 corporate/3.0/i586/libkrb51-1.3-6.8.C30mdk.i586.rpm
5fac8b79343bef871b450524682b5c68 corporate/3.0/i586/libkrb51-devel-1.3-6.8.C30mdk.i586.rpm
4a0216e5afa5ec83523e5cfdcd6fda24 corporate/3.0/i586/telnet-client-krb5-1.3-6.8.C30mdk.i586.rpm
ae5eed1f6591a785f4093924d98d640f corporate/3.0/i586/telnet-server-krb5-1.3-6.8.C30mdk.i586.rpm
b76e0f3069504ba96ed29c13f8f8d9b6 corporate/3.0/SRPMS/krb5-1.3-6.8.C30mdk.src.rpm
Corporate 3.0/X86_64:
effb08ab8684a97a591c8112d146e827 corporate/3.0/x86_64/ftp-client-krb5-1.3-6.8.C30mdk.x86_64.rpm
110e5a4422f57c7c7db46967f265ed20 corporate/3.0/x86_64/ftp-server-krb5-1.3-6.8.C30mdk.x86_64.rpm
a178af307e6c416bb77b9dc45ff49ac6 corporate/3.0/x86_64/krb5-server-1.3-6.8.C30mdk.x86_64.rpm
b84aab804554143cf1a9ce511a42a81a corporate/3.0/x86_64/krb5-workstation-1.3-6.8.C30mdk.x86_64.rpm
a122ef49d58a704d321297eea594b3f6 corporate/3.0/x86_64/lib64krb51-1.3-6.8.C30mdk.x86_64.rpm
b68729b8c2d401fec19beb5ad68006e7 corporate/3.0/x86_64/lib64krb51-devel-1.3-6.8.C30mdk.x86_64.rpm
63482694130642c1e156054e9a944d3a corporate/3.0/x86_64/telnet-client-krb5-1.3-6.8.C30mdk.x86_64.rpm
52c1eada2b3104f8387f2b5eee0c5e92 corporate/3.0/x86_64/telnet-server-krb5-1.3-6.8.C30mdk.x86_64.rpm
b76e0f3069504ba96ed29c13f8f8d9b6 corporate/3.0/SRPMS/krb5-1.3-6.8.C30mdk.src.rpm
Corporate 4.0:
0b6d63d25604e886c74688f5189e3d99 corporate/4.0/i586/ftp-client-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
8f0ddc6328ca242f74d1238d7c42a097 corporate/4.0/i586/ftp-server-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
50f2d47b6c02cff492bb0a39073f9ad4 corporate/4.0/i586/krb5-server-1.4.3-5.2.20060mlcs4.i586.rpm
dc869f11fab9a71c5970fa7b574276bf corporate/4.0/i586/krb5-workstation-1.4.3-5.2.20060mlcs4.i586.rpm
2961482510210a3ceec020566b4fd370 corporate/4.0/i586/libkrb53-1.4.3-5.2.20060mlcs4.i586.rpm
49954e190e4e672b5437d36a4d9befaa corporate/4.0/i586/libkrb53-devel-1.4.3-5.2.20060mlcs4.i586.rpm
204894da33e23e65f71b73dc538262da corporate/4.0/i586/telnet-client-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
ae51fdd37d52903ecc548fa7b66f0129 corporate/4.0/i586/telnet-server-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
e646f77683f9ebc6591be949bc8208bc corporate/4.0/SRPMS/krb5-1.4.3-5.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
d4b0719081f93a1806868f24f8100b0c corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
ee3b47806dd47f634b97b0dba99f80f2 corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
64d9d4d773b6aed752db77ec282d7c3e corporate/4.0/x86_64/krb5-server-1.4.3-5.2.20060mlcs4.x86_64.rpm
62426e65d7b5662f27c185a92f353c98 corporate/4.0/x86_64/krb5-workstation-1.4.3-5.2.20060mlcs4.x86_64.rpm
65f8e462a0333caec9512aabe944d9ab corporate/4.0/x86_64/lib64krb53-1.4.3-5.2.20060mlcs4.x86_64.rpm
811fbfdcfa723937dbfc2af3670baa70 corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.2.20060mlcs4.x86_64.rpm
6b2c5735bcc66849bbae68cfae669535 corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
e4fb528ecf1d98fdae0d76c873d6b88f corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
e646f77683f9ebc6591be949bc8208bc corporate/4.0/SRPMS/krb5-1.4.3-5.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
eec7136889615016b562fcf56cd38202 mnf/2.0/i586/libkrb51-1.3-6.8.M20mdk.i586.rpm
b64b6185d2a648f74b2f024acf4bab01 mnf/2.0/SRPMS/krb5-1.3-6.8.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGE/QnmqjQ0CJFipgRAqdTAJwJFpOdUkGk29ZoXOsbG7XJzNr5QACdEHje
LcAyjeDR8D1kS+r0g6mLwKo=
=Yp6C
-----END PGP SIGNATURE-----