===========================================================================
             AUSCERT External Security Bulletin Redistribution

                      ESB-2000.141 -- RHSA-2000:025-12
       Updated Kerberos 5 packages are now available for Red Hat Linux
                               16 June 2000

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                Kerberos 5
Vendor:                 Red Hat
Operating System:       Linux
Platform:               N/A
Impact:                 Root Compromise
                        Denial of Service
Access Required:        Remote
                        Local

Ref:                    ESB-2000.094
                        ESB-2000.099
                        ESB-2000.109
                        ESB-2000.119
                        ESB-2000.132
                        ESB-2000.140

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated Kerberos 5 packages are now available for Red Hat Linux.
Advisory ID:       RHSA-2000:025-12
Issue date:        2000-05-16
Updated on:        2000-06-15
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.2.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

A number of possible buffer overruns were found in libraries included in
the affected packages. A denial-of-service vulnerability was also found in
the ksu program.

* A remote user may gain unauthorized root access to a machine running
  services authenticated with Kerberos 4.

* A remote user may gain unauthorized root access to a machine running
  krshd, regardless of whether the program is configured to accept
  Kerberos 4 authentication.

* A local user may gain unauthorized root access by exploiting v4rcp or
  ksu.

* A remote user can cause a KDC to become unresponsive or crash by
  sending it an improperly formatted request.

* A remote user may execute certain FTP commands without authorization
  on systems using the FTP server included in the krb5-workstation
  package.

* An attacker with access to a local account may gain unauthorized root
  access on systems using the FTP server included in the
  krb5-workstation package.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

10653 - 'stat' unresolved on "libkrb5.so.2.2" load
11496 - security-updated krb5 packages fail dependencies

6. RPMs required:

Red Hat Linux 6.2:

intel:
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-configs-1.1.1-21.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-devel-1.1.1-21.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-libs-1.1.1-21.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-server-1.1.1-21.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-workstation-1.1.1-21.i386.rpm

alpha:
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-configs-1.1.1-21.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-devel-1.1.1-21.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-libs-1.1.1-21.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-server-1.1.1-21.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-workstation-1.1.1-21.alpha.rpm

sparc:
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-configs-1.1.1-21.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-devel-1.1.1-21.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-libs-1.1.1-21.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-server-1.1.1-21.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-workstation-1.1.1-21.sparc.rpm

sources:
ftp://ftp.redhat.com/redhat/updates/6.2/SRPMS/krb5-1.1.1-21.src.rpm

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key is
available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>

8. References:

http://www.securityfocus.com/bid/1220
http://www.securityfocus.com/bid/1338
http://web.mit.edu/kerberos/www/advisories/index.html

Thanks to Chris Evans, Mike Friedman, Jim Paris, Matt Power, Andrew Newman,
Christopher R. Thompson, and Marcus Watts for reporting these problems to
us and the Kerberos 5 team.
--------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is the
responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for emergencies.
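As an added example that is not part of the Red Hat advisory or of AusCERT's bulletin, the following POSIX shell script carries out sections 4 and 7 of the included text as one gated procedure: it queries the installed krb5-* packages, fetches the 1.1.1-21 RPMs listed in section 6 for the host's architecture, and runs rpm -Fvh only after every fetched file passes rpm --checksig. It assumes wget is available, that rpm --checksig exits non-zero when a check fails, and the script name krb5-update.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the Red Hat or AusCERT text): audit a Red Hat Linux 6.2
# host for krb5 packages older than 1.1.1-21 and apply sections 4 and 7 of the
# advisory, freshening only after every fetched RPM passes rpm --checksig.
set -e

BASE="ftp://ftp.redhat.com/redhat/updates/6.2"
PKGS="krb5-configs krb5-devel krb5-libs krb5-server krb5-workstation"
FIXED="1.1.1-21"
# Map uname -m output to the architecture directory used in the advisory.
arch_dir() {
  case "$1" in
    i386|i486|i586|i686) echo i386 ;;
    alpha) echo alpha ;;
    sparc*) echo sparc ;;
    *) return 1 ;;
  esac
}
# Print the five update URLs for an architecture, one per line.
update_urls() {
  dir=$(arch_dir "$1") || return 1
  for p in $PKGS; do echo "$BASE/$dir/$p-$FIXED.$dir.rpm"; done
}
# Succeed when version-release $1 is older than $2; fields are compared numerically.
older_than() {
  a=$(echo "$1" | sed 's/[.-]/ /g'); b=$(echo "$2" | sed 's/[.-]/ /g')
  set -- $a
  for y in $b; do
    x=${1:-0}; [ $# -gt 0 ] && shift
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
  done
  return 1
}
# Fetch, verify and freshen outdated packages; runs only as `sh krb5-update.sh apply`
# (hypothetical name). Assumes wget, and that rpm --checksig exits non-zero on failure.
apply_update() {
  dir=$(arch_dir "$(uname -m)") || { echo "unsupported architecture" >&2; return 1; }
  tmp="${TMPDIR:-/tmp}/krb5-update.$$"; mkdir -m 700 "$tmp"; n=0
  for p in $PKGS; do
    cur=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}' "$p" 2>/dev/null) || continue
    older_than "$cur" "$FIXED" || continue
    f="$tmp/$p-$FIXED.$dir.rpm"; wget -q -O "$f" "$BASE/$dir/$p-$FIXED.$dir.rpm"
    rpm --checksig "$f" || { echo "signature check failed: $f" >&2; return 1; }
    n=$((n + 1))
  done
  [ "$n" -gt 0 ] || { echo "no krb5 package older than $FIXED is installed"; return 0; }
  rpm -Fvh "$tmp"/*.rpm
}
if [ "${1:-}" = apply ]; then apply_update; fi
```

Packages that are not installed, or already at 1.1.1-21 or newer, are skipped, so the script is safe to re-run after the update.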