
Mandriva Advisories

Package name: krb5
Date: April 4th, 2007
Advisory ID: MDKSA-2007:077
Affected versions: CS3.0, MNF2.0, 2006.0, 2007.0, CS4.0
Synopsis: Updated krb5 packages fix vulnerabilities

Problem Description

A vulnerability was found in the username handling of the MIT krb5
telnet daemon. A remote attacker that could access the telnet port
of a target machine could log in as root without requiring a password
(CVE-2007-0956).

Buffer overflows in the kadmin server daemon were discovered that could
be exploited by a remote attacker able to access the KDC. Successful
exploitation could allow for the execution of arbitrary code with the
privileges of the KDC or kadmin server processes (CVE-2007-0957).

Finally, a double-free flaw was discovered in the GSSAPI library used
by the kadmin server daemon, which could lead to a denial of service
condition or the execution of arbitrary code with the privileges of
the KDC or kadmin server processes (CVE-2007-1216).

Updated packages have been patched to address these issues.

Updated Packages


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
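The manual verification described above, as an added example that is not part of the advisory or of Mandriva's own tooling: a POSIX shell script that checks downloaded RPMs against a saved copy of the advisory's "md5  path" package list and then runs rpm --checksig on each file. The list format and the download-directory layout are assumptions.

```shell
# Added example, not part of the Mandriva advisory: check downloaded RPMs
# against a saved copy of the advisory's "md5  path" list, then run
# rpm --checksig on each file as the advisory recommends.
# Assumed list format: "<32-hex-md5>  <relative/path/to/package.rpm>".

md5_of() {
  # Print the md5 of a file; md5sum on Linux, md5 -q on BSD/macOS.
  if command -v md5sum >/dev/null 2>&1; then
    md5sum "$1" | cut -d' ' -f1
  else
    md5 -q "$1"
  fi
}

# verify_md5_list LISTFILE DOWNLOAD_DIR
# Each listed package is looked up by basename in DOWNLOAD_DIR.
# Returns 0 only if every listed file is present and its md5 matches.
verify_md5_list() {
  list=$1; dir=$2; bad=0
  while read -r want path; do
    [ -n "$want" ] || continue            # skip blank lines
    f="$dir/$(basename "$path")"
    if [ ! -f "$f" ]; then
      echo "MISSING  $f"; bad=1; continue
    fi
    have=$(md5_of "$f")
    if [ "$have" = "$want" ]; then
      echo "OK       $f"
    else
      echo "MISMATCH $f (expected $want, got $have)"; bad=1
    fi
  done < "$list"
  return $bad
}

# checksig_all DOWNLOAD_DIR
# Runs rpm --checksig on every RPM; a failed signature or md5 means the
# package must not be installed. Skips cleanly on hosts without rpm.
checksig_all() {
  command -v rpm >/dev/null 2>&1 || { echo "rpm not found; skipping"; return 0; }
  rc=0
  for f in "$1"/*.rpm; do
    [ -e "$f" ] || continue
    rpm --checksig "$f" || rc=1
  done
  return $rc
}
```

Run verify_md5_list first and only call checksig_all when it returns 0; install nothing from a directory where either step reports a failure.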