===========================================================================
              AUSCERT External Security Bulletin Redistribution
                             
                      ESB-2000.141 -- RHSA-2000:025-12
       Updated Kerberos 5 packages are now available for Red Hat Linux
                                16 June 2000

===========================================================================

	AusCERT Security Bulletin Summary
	---------------------------------

Product:		Kerberos 5
Vendor:			Red Hat
Operating System:	Linux
Platform:		N/A

Impact:			Root Compromise 
			Denial of Service 

Access Required:	Remote 
			Local

Ref:			ESB-2000.094
			ESB-2000.099
			ESB-2000.109
			ESB-2000.119
			ESB-2000.132
			ESB-2000.140

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated Kerberos 5 packages are now available for Red Hat Linux.
Advisory ID:       RHSA-2000:025-12
Issue date:        2000-05-16
Updated on:        2000-06-15
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.2.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

A number of possible buffer overruns were found in libraries included
in the affected packages.  A denial-of-service vulnerability was also found
in the ksu program.

* A remote user may gain unauthorized root access to a machine running
  services authenticated with Kerberos 4.

* A remote user may gain unauthorized root access to a machine running
  krshd, regardless of whether the program is configured to accept
  Kerberos 4 authentication.

* A local user may gain unauthorized root access by exploiting v4rcp
  or ksu.

* A remote user can cause a KDC to become unresponsive or crash by sending
  it an improperly formatted request.

* A remote user may execute certain FTP commands without authorization
  on systems using the FTP server included in the krb5-workstation
  package.

* An attacker with access to a local account may gain unauthorized
  root access on systems using the FTP server included in the
  krb5-workstation package.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

10653 - 'stat' unresolved on "libkrb5.so.2.2" load
11496 - security-updated krb5 packages fail dependencies


6. RPMs required:

Red Hat Linux 6.2:

intel:
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-configs-1.1.1-21.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-devel-1.1.1-21.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-libs-1.1.1-21.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-server-1.1.1-21.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/krb5-workstation-1.1.1-21.i386.rpm

alpha:
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-configs-1.1.1-21.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-devel-1.1.1-21.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-libs-1.1.1-21.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-server-1.1.1-21.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/krb5-workstation-1.1.1-21.alpha.rpm

sparc:
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-configs-1.1.1-21.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-devel-1.1.1-21.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-libs-1.1.1-21.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-server-1.1.1-21.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/krb5-workstation-1.1.1-21.sparc.rpm

sources:
ftp://ftp.redhat.com/redhat/updates/6.2/SRPMS/krb5-1.1.1-21.src.rpm

7. Verification:


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>
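The update in section 4 and the signature check above fit together as one step: run rpm --checksig over every downloaded RPM first, and only freshen the set if all of them pass. The script below is an added example, not part of the Red Hat advisory or the AusCERT bulletin; the RPM_CHECKSIG and RPM_FRESHEN variables and the verify_packages and apply_update function names are this example's own, and they default to the advisory's rpm --checksig and rpm -Fvh commands.

```shell
#!/bin/sh
# Added example: verify each downloaded RPM's GPG signature and MD5 sum with
# "rpm --checksig" before freshening, so a corrupted or tampered package is
# never installed. RPM_CHECKSIG and RPM_FRESHEN are this example's own
# variables; they default to the commands given in the advisory and may be
# overridden (for instance with stubs when testing on a host without rpm).
RPM_CHECKSIG="${RPM_CHECKSIG:-rpm --checksig}"
RPM_FRESHEN="${RPM_FRESHEN:-rpm -Fvh}"

# verify_packages FILE...
# Prints the name of every package whose signature check passes, reports
# each failure on stderr, and returns 1 if any package failed.
verify_packages() {
    status=0
    for pkg in "$@"; do
        if $RPM_CHECKSIG "$pkg" >/dev/null 2>&1; then
            echo "$pkg"
        else
            echo "signature check FAILED, not installing: $pkg" >&2
            status=1
        fi
    done
    return $status
}

# apply_update FILE...
# Freshens the packages (rpm -Fvh upgrades only those already installed) in
# one rpm run, and refuses to run at all if any package failed verification,
# so a single bad download cannot leave a half-updated krb5 package set.
apply_update() {
    good=$(verify_packages "$@") || return 1
    [ -n "$good" ] || return 1
    # $good is deliberately unquoted: one argument per verified package.
    $RPM_FRESHEN $good
}

# Typical use on a Red Hat Linux 6.2 i386 host after downloading the
# packages listed in section 6 into the current directory:
#   apply_update krb5-*-1.1.1-21.i386.rpm
```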

8. References:

http://www.securityfocus.com/bid/1220
http://www.securityfocus.com/bid/1338
http://web.mit.edu/kerberos/www/advisories/index.html

Thanks to Chris Evans, Mike Friedman, Jim Paris, Matt Power, Andrew
Newman, Christopher R. Thompson, and Marcus Watts for reporting these
problems to us and the Kerberos 5 team.

--------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be made in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.
