Red Hat 9062 Published by

Updated krb5 packages are available for Red Hat Linux 7.3/9 and Fedora Core 1

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated krb5 packages fix security issues
Advisory ID: FLSA:154276
Issue date: 2005-07-24
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-0523 CAN-2004-0642 CAN-2004-0643
CAN-2004-0644 CAN-2004-0772 CAN-2004-0971
CAN-2004-1189 CAN-2005-0468 CAN-2005-0469
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated Kerberos (krb5) packages that correct multiple security issues are now available.

Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.

Note that some of these issues have already been fixed in Fedora Core 1. Please refer to previous advisories for details.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386



3. Problem description:

Several buffer overflows were possible for all Kerberos versions up to and including 1.3.3 in the krb5_aname_to_localname library function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0523 to this issue.

Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execuate arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.

A double-free bug was also found in the krb524 server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0772 to this issue.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.

A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm's master Kerberos KDC. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1189 to this issue.

Additionally a temporary file bug was found in the Kerberos krb5-send-pr program. It is possible that an attacker could create a temporary file that would allow an arbitrary file to be overwritten which the victim has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0971 to this issue.

The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues.

All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154276

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/krb5-1.2.4-16.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-devel-1.2.4-16.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-libs-1.2.4-16.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-server-1.2.4-16.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/krb5-workstation-1.2.4-16.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/krb5-1.2.7-38.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-devel-1.2.7-38.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-libs-1.2.7-38.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-server-1.2.7-38.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/krb5-workstation-1.2.7-38.3.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/krb5-1.3.4-5.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-devel-1.3.4-5.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-libs-1.3.4-5.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-server-1.3.4-5.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/krb5-workstation-1.3.4-5.3.legacy.i386.rpm


7. Verification:

SHA1 sum Package Name
---------------------------------------------------------------------

4fcc561d7f179fb0672b0f273043c272b790f423
redhat/7.3/updates/i386/krb5-devel-1.2.4-16.1.legacy.i386.rpm
07938a62bd7498733b3e535a381fe18223184eda
redhat/7.3/updates/i386/krb5-libs-1.2.4-16.1.legacy.i386.rpm
c81a4385ede484d89187d5836d49cacbc5655ee1
redhat/7.3/updates/i386/krb5-server-1.2.4-16.1.legacy.i386.rpm
568b4b641c2b9a54eafd14b4099bc72d49f02137
redhat/7.3/updates/i386/krb5-workstation-1.2.4-16.1.legacy.i386.rpm
4ee83ff2a6f0bd9bdbf0726ba2fd4acf6c5f43cc
redhat/7.3/updates/SRPMS/krb5-1.2.4-16.1.legacy.src.rpm
0111aeb1c5946f18e8a48d1d27d8493c919ca936
redhat/9/updates/i386/krb5-devel-1.2.7-38.3.legacy.i386.rpm
35141598dbb9c60e8cd0b3f06b23528ee526bb46
redhat/9/updates/i386/krb5-libs-1.2.7-38.3.legacy.i386.rpm
bcaf771e3de01b16e73327cc3643a2ebd4fda6dd
redhat/9/updates/i386/krb5-server-1.2.7-38.3.legacy.i386.rpm
4b4b056d4abc0d69c14e7df45fa3b02e76db48fb
redhat/9/updates/i386/krb5-workstation-1.2.7-38.3.legacy.i386.rpm
ddc2bdafbecf5801a7238187936fee99966efc65
redhat/9/updates/SRPMS/krb5-1.2.7-38.3.legacy.src.rpm
389b8b7b2b59b4363f941e22213be5794e3321a0
fedora/1/updates/i386/krb5-devel-1.3.4-5.3.legacy.i386.rpm
f0f7a0e7a002751d9ed19d2c573f9b332759ac00
fedora/1/updates/i386/krb5-libs-1.3.4-5.3.legacy.i386.rpm
8d685627a81c1cc51545e8d43db8c3f2acc4a520
fedora/1/updates/i386/krb5-server-1.3.4-5.3.legacy.i386.rpm
9aed15c515e7e319fe880b064ecc595565db6575
fedora/1/updates/i386/krb5-workstation-1.3.4-5.3.legacy.i386.rpm
d8f81d57720d1b4c4fc393778f82d7119aeb209c
fedora/1/updates/SRPMS/krb5-1.3.4-5.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org