Advisories
Mandriva Advisories
|
 |
| Problem Description |
A vulnerability was discovered in the Kerberos FTP client. When the
client retrieves a file that has a filename beginning with a pipe
character, the FTP client will pass that filename to the command
shell in a system() call. This could allow a malicious remote FTP
server to write to files outside of the current directory or even
execute arbitrary commands as the user using the FTP client.
| Updated Packages |
Mandrakelinux 8.1
2d480884d097bdd03a37e164e92e19fb 8.1/RPMS/ftp-client-krb5-1.2.2-17.4mdk.i586.rpm 79edbe6ae93a0b49c9ebd2bb05c97e50 8.1/RPMS/ftp-server-krb5-1.2.2-17.4mdk.i586.rpm bf35c3ab6bec9135e4467b8fdad0cc80 8.1/RPMS/krb5-devel-1.2.2-17.4mdk.i586.rpm ad25706bdaec493ab1eec7f66391195e 8.1/RPMS/krb5-libs-1.2.2-17.4mdk.i586.rpm af0fa48cfdcff2df3059e54440555868 8.1/RPMS/krb5-server-1.2.2-17.4mdk.i586.rpm 922d81f4beaaad7853e39b0dbbc83fd9 8.1/RPMS/krb5-workstation-1.2.2-17.4mdk.i586.rpm 21b3beae50efac678cf1d313e09b6859 8.1/RPMS/telnet-client-krb5-1.2.2-17.4mdk.i586.rpm 638d0e3a6fb2e6d251fe38758aa623ac 8.1/RPMS/telnet-server-krb5-1.2.2-17.4mdk.i586.rpm 7fce8bd34160b2aadafc04a813a48554 8.1/SRPMS/krb5-1.2.2-17.4mdk.src.rpm
Mandrakelinux 8.1/IA64
68e7b8b9d8c9f336463f531d07b2f1c9 ia64/8.1/RPMS/ftp-client-krb5-1.2.2-17.4mdk.ia64.rpm 7d3692e7ff1a4e98698ba2153036681b ia64/8.1/RPMS/ftp-server-krb5-1.2.2-17.4mdk.ia64.rpm b11861cee93afb36e7ee2d55d853e7e8 ia64/8.1/RPMS/krb5-devel-1.2.2-17.4mdk.ia64.rpm c0fb6cd4ce4e02d8663913b21ddeecd6 ia64/8.1/RPMS/krb5-libs-1.2.2-17.4mdk.ia64.rpm a05cc3b97fc24adfbfac3c780dc29f52 ia64/8.1/RPMS/krb5-server-1.2.2-17.4mdk.ia64.rpm 04e9d98a7eeb7b03ebc704a6efa27f70 ia64/8.1/RPMS/krb5-workstation-1.2.2-17.4mdk.ia64.rpm 34bf6b947272a8851815629267e94d36 ia64/8.1/RPMS/telnet-client-krb5-1.2.2-17.4mdk.ia64.rpm 09a8b6f1f9746edcd8a49f640a8f6caf ia64/8.1/RPMS/telnet-server-krb5-1.2.2-17.4mdk.ia64.rpm 7fce8bd34160b2aadafc04a813a48554 ia64/8.1/SRPMS/krb5-1.2.2-17.4mdk.src.rpm
Mandrakelinux 8.2
a420e79c59883a7137da026fbeece479 8.2/RPMS/ftp-client-krb5-1.2.2-17.4mdk.i586.rpm c2e04b717dfa8977afced8908fd00829 8.2/RPMS/ftp-server-krb5-1.2.2-17.4mdk.i586.rpm f4c35796085b542ccf5984ae6aef3fa3 8.2/RPMS/krb5-devel-1.2.2-17.4mdk.i586.rpm 7b0e5846ba9111e80a0f61b6031c9572 8.2/RPMS/krb5-libs-1.2.2-17.4mdk.i586.rpm 649d509b055b7850e19a800ca4ada374 8.2/RPMS/krb5-server-1.2.2-17.4mdk.i586.rpm 985491105c430433be7fb015d15afb8e 8.2/RPMS/krb5-workstation-1.2.2-17.4mdk.i586.rpm 72bef496f881a48b784a4c9d2684694e 8.2/RPMS/telnet-client-krb5-1.2.2-17.4mdk.i586.rpm c94980751d86524fdf9a04d4a4d7df88 8.2/RPMS/telnet-server-krb5-1.2.2-17.4mdk.i586.rpm 7fce8bd34160b2aadafc04a813a48554 8.2/SRPMS/krb5-1.2.2-17.4mdk.src.rpm
Mandrakelinux 8.2/PPC
69cc12b90974facd2211ec445e87ded9 ppc/8.2/RPMS/ftp-client-krb5-1.2.2-17.4mdk.ppc.rpm de9354b5fae5881e592c2c8a8c2ea110 ppc/8.2/RPMS/ftp-server-krb5-1.2.2-17.4mdk.ppc.rpm e76f218d156db1bc0c3055be11901f87 ppc/8.2/RPMS/krb5-devel-1.2.2-17.4mdk.ppc.rpm a2abcd6f614edb2837e8a0b28fc83f9c ppc/8.2/RPMS/krb5-libs-1.2.2-17.4mdk.ppc.rpm 1a4e2ecad97681fad7cdbddeb5dbfdbf ppc/8.2/RPMS/krb5-server-1.2.2-17.4mdk.ppc.rpm 4378345e4e5ddaf30db25bbd4c817fb8 ppc/8.2/RPMS/krb5-workstation-1.2.2-17.4mdk.ppc.rpm 3a53dd63aadc1582f6f8e97febc1e818 ppc/8.2/RPMS/telnet-client-krb5-1.2.2-17.4mdk.ppc.rpm a6dc8e41bacd9a5677406aa70347be36 ppc/8.2/RPMS/telnet-server-krb5-1.2.2-17.4mdk.ppc.rpm 7fce8bd34160b2aadafc04a813a48554 ppc/8.2/SRPMS/krb5-1.2.2-17.4mdk.src.rpm
Mandrakelinux 9.0
43a7c22bca8abdd8565571462799b58d 9.0/RPMS/ftp-client-krb5-1.2.5-1.3mdk.i586.rpm 88c802552ca70467ddbc41d03ffb4a13 9.0/RPMS/ftp-server-krb5-1.2.5-1.3mdk.i586.rpm f316835b3625c93cb4b7071ef0cdba81 9.0/RPMS/krb5-devel-1.2.5-1.3mdk.i586.rpm 223bcd26f75a053f102edd61b9e32c42 9.0/RPMS/krb5-libs-1.2.5-1.3mdk.i586.rpm 9f47cdc3e0f4e73f2785391401db3606 9.0/RPMS/krb5-server-1.2.5-1.3mdk.i586.rpm 45abe8da8f951dee0085d78c7ba3f48d 9.0/RPMS/krb5-workstation-1.2.5-1.3mdk.i586.rpm 09e43b1a65fe9f7cba15e857b72ab834 9.0/RPMS/telnet-client-krb5-1.2.5-1.3mdk.i586.rpm e897ba5e26203217039eb56f04796934 9.0/RPMS/telnet-server-krb5-1.2.5-1.3mdk.i586.rpm e0a9c95f9e66df0b768121b81494c411 9.0/SRPMS/krb5-1.2.5-1.3mdk.src.rpm
Multi Network Firewall 8.2
7b0e5846ba9111e80a0f61b6031c9572 mnf8.2/RPMS/krb5-libs-1.2.2-17.4mdk.i586.rpm 7fce8bd34160b2aadafc04a813a48554 mnf8.2/SRPMS/krb5-1.2.2-17.4mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0041
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.