-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
              AUSCERT External Security Bulletin Redistribution
                             
                 ESB-2000.143 -- RHSA-2000:025-13 (Revised)
      Updated Kerberos 5 packages are now available for Red Hat Linux.
                                19 June 2000

===========================================================================

	AusCERT Security Bulletin Summary
	---------------------------------

Product:		Kerberos 5
Vendor:			Red Hat
Operating System:	Linux
Platform:		N/A

Impact:			Root Compromise
			Denial of Service
Access Required:	Remote
			Local

Ref:			ESB-2000.141

- --------------------------BEGIN INCLUDED TEXT--------------------

- ---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated Kerberos 5 packages are now available for Red Hat Linux.
Advisory ID:       RHSA-2000:025-13
Issue date:        2000-05-16
Updated on:        2000-06-16
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
- ---------------------------------------------------------------------

1. Topic:

Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.2.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

A number of possible buffer overruns were found in libraries included
in the affected packages.  A denial-of-service vulnerability was also found
in the ksu program.

* A remote user may gain unauthorized root access to a machine running
  services authenticated with Kerberos 4.

* A remote user may gain unauthorized root access to a machine running
  krshd, regardless of whether the program is configured to accept
  Kerberos 4 authentication.

* A local user may gain unauthorized root access by exploiting v4rcp
  or ksu.

* A remote user can cause a KDC to become unresponsive or crash by sending
  it an improperly formatted request.

* A remote user may execute certain FTP commands without authorization
  on systems using the FTP server included in the krb5-workstation
  package.

* An attacker with access to a local account may gain unauthorized
  root access on systems using the FTP server included in the
  krb5-workstation package.

The prior errata announcement for these packages contained incorrect md5sum
values.  The correct md5sums are listed below.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

10653 - 'stat' unresolved on "libkrb5.so.2.2" load
11496 - security-updated krb5 packages fail dependencies


6. RPMs required:

Red Hat Linux 6.2:

intel:
ftp://updates.redhat.com/6.2/i386/krb5-configs-1.1.1-21.i386.rpm
ftp://updates.redhat.com/6.2/i386/krb5-devel-1.1.1-21.i386.rpm
ftp://updates.redhat.com/6.2/i386/krb5-libs-1.1.1-21.i386.rpm
ftp://updates.redhat.com/6.2/i386/krb5-server-1.1.1-21.i386.rpm
ftp://updates.redhat.com/6.2/i386/krb5-workstation-1.1.1-21.i386.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/krb5-configs-1.1.1-21.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/krb5-devel-1.1.1-21.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/krb5-libs-1.1.1-21.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/krb5-server-1.1.1-21.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/krb5-workstation-1.1.1-21.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/krb5-configs-1.1.1-21.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/krb5-devel-1.1.1-21.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/krb5-libs-1.1.1-21.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/krb5-server-1.1.1-21.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/krb5-workstation-1.1.1-21.sparc.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/krb5-1.1.1-21.src.rpm

7. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
f181b2037de905e80288e387b60f4e52  6.2/SRPMS/krb5-1.1.1-21.src.rpm
f561bcf39652922fe17c0f8f9d657a92  6.2/alpha/krb5-configs-1.1.1-21.alpha.rpm
182af71accb3ed83e8c3775b52474ea1  6.2/alpha/krb5-devel-1.1.1-21.alpha.rpm
ea27afca5259f61dc990859a68c08efc  6.2/alpha/krb5-libs-1.1.1-21.alpha.rpm
12cd0badc97753ede1ab24741e8b127a  6.2/alpha/krb5-server-1.1.1-21.alpha.rpm
583ca4a6755bdc4a248eaa5fe5a37418  6.2/alpha/krb5-workstation-1.1.1-21.alpha.rpm
3616f4ca518aebf7a6aba1fe9a8858fe  6.2/i386/krb5-configs-1.1.1-21.i386.rpm
d61dbe28620c5ff5fc8f6f87802875c4  6.2/i386/krb5-devel-1.1.1-21.i386.rpm
df9cca2508bc2a7bcfabb75ead5ec176  6.2/i386/krb5-libs-1.1.1-21.i386.rpm
a43f18ed47e8b59142c37460f9202b25  6.2/i386/krb5-server-1.1.1-21.i386.rpm
0fe3ee19148e92ac7b5d7a04f14168d0  6.2/i386/krb5-workstation-1.1.1-21.i386.rpm
b31276f906d284cbfc3afb03b7373ddb  6.2/sparc/krb5-configs-1.1.1-21.sparc.rpm
c29e9f755f42ca1c3112d8ebb4dc65df  6.2/sparc/krb5-devel-1.1.1-21.sparc.rpm
cd7af0e48f5144fa9020319e88ca8db4  6.2/sparc/krb5-libs-1.1.1-21.sparc.rpm
e4155d32ad39fd1989a60e8ff3d2562d  6.2/sparc/krb5-server-1.1.1-21.sparc.rpm
cbecb34317007c04480e258c3cf859bb  6.2/sparc/krb5-workstation-1.1.1-21.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>
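The advisory's own procedure is to download the RPMs for your architecture,
confirm the md5sums against the table in section 7, run rpm --checksig, and
only then apply them with rpm -Fvh (section 4).  The script below is an added
example, not part of the Red Hat advisory or the AusCERT bulletin, that
automates the md5sum comparison step: it reads a manifest written in the same
"<md5>  <path>" form as the section 7 table and checks every listed file under a
download directory.  It assumes POSIX sh with either GNU md5sum or openssl on
PATH; the manifest and download-directory names are placeholders you supply.

```shell
#!/bin/sh
# Added example (not Red Hat's or AusCERT's code): verify downloaded RPMs
# against the MD5 manifest printed in section 7 before running "rpm -Fvh".
# Assumes POSIX sh and either md5sum (GNU coreutils) or openssl on PATH.

# md5_of FILE -> prints the hex MD5 digest of FILE
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# check_manifest MANIFEST DOWNLOAD_DIR
# MANIFEST holds lines of the form "<32 hex chars>  <relative path>", exactly
# as printed in section 7 of the advisory (the header and separator lines of
# that table may be pasted in as-is; they are skipped).  Each listed file is
# looked up under DOWNLOAD_DIR.  Returns 0 only if every file is present and
# matches; a missing file counts as a failure because it cannot be verified.
check_manifest() {
    manifest=$1
    dir=$2
    failures=0
    while read -r expected relpath; do
        case "$expected" in
            ''|'-'*|'MD5') continue ;;   # blank, separator or header line
        esac
        f="$dir/$relpath"
        if [ ! -f "$f" ]; then
            echo "MISSING  $relpath" >&2
            failures=$((failures + 1))
            continue
        fi
        actual=$(md5_of "$f")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $relpath"
        else
            echo "MISMATCH $relpath (expected $expected, got $actual)" >&2
            failures=$((failures + 1))
        fi
    done < "$manifest"
    [ "$failures" -eq 0 ]
}

# Typical use after saving the section 7 table as manifest.txt (placeholder
# name) and downloading the i386 set under ./updates (placeholder directory):
#   check_manifest manifest.txt ./updates \
#     && rpm --checksig ./updates/6.2/i386/*.rpm \
#     && rpm -Fvh ./updates/6.2/i386/*.rpm
```

The chained form at the end stops at the first failed step, so a mismatched or
missing package is never passed to rpm -Fvh.  The md5sum check only guards
against corrupted or substituted downloads; the GPG step (rpm --checksig
without --nogpg) is what ties the packages to Red Hat's signing key.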

8. References:

http://www.securityfocus.com/bid/1220
http://www.securityfocus.com/bid/1338
http://web.mit.edu/kerberos/www/advisories/index.html

Thanks to Chris Evans, Mike Friedman, Jim Paris, Matt Power, Andrew
Newman, Christopher R. Thompson, and Marcus Watts for reporting these
problems to us and the Kerberos 5 team.

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be made in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOXXTcSh9+71yA2DNAQGcMQP/d7rC8YmuzPesk3yQanqv3sYjUS5pziH0
TNNevDyOQ+fmfuxuowuVphlCTJkNlTi7OPGa6myMyqc/Fj3lRz2G0OhL6v3IBM+a
sgEhatmiKRH6GfE76UYEQUm8DvtDPXHRYBZGPz3HOzRqWYkKOB7skAopivk/5hE9
SWt0jmIAxd4=
=BvL8
-----END PGP SIGNATURE-----