===========================================================================
             AUSCERT External Security Bulletin Redistribution

                 ESB-2000.143 -- RHSA-2000:025-13 (Revised)
      Updated Kerberos 5 packages are now available for Red Hat Linux.
                               19 June 2000
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:                Kerberos 5
Vendor:                 Red Hat
Operating System:       Linux
Platform:               N/A
Impact:                 Root Compromise
                        Denial of Service
Access Required:        Remote
                        Local
Ref:                    ESB-2000.141

---------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated Kerberos 5 packages are now available for Red Hat Linux.
Advisory ID:       RHSA-2000:025-13
Issue date:        2000-05-16
Updated on:        2000-06-16
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.2.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

A number of possible buffer overruns were found in libraries included in
the affected packages. A denial-of-service vulnerability was also found in
the ksu program.

* A remote user may gain unauthorized root access to a machine running
  services authenticated with Kerberos 4.

* A remote user may gain unauthorized root access to a machine running
  krshd, regardless of whether the program is configured to accept
  Kerberos 4 authentication.

* A local user may gain unauthorized root access by exploiting v4rcp or
  ksu.

* A remote user can cause a KDC to become unresponsive or crash by sending
  it an improperly formatted request.

* A remote user may execute certain FTP commands without authorization on
  systems using the FTP server included in the krb5-workstation package.

* An attacker with access to a local account may gain unauthorized root
  access on systems using the FTP server included in the krb5-workstation
  package.

The prior errata announcement for these packages contained incorrect
md5sum values. The correct md5sums are listed below.

4. Solution:

For each RPM for your particular architecture, run:

    rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

10653 - 'stat' unresolved on "libkrb5.so.2.2" load
11496 - security-updated krb5 packages fail dependencies

6. RPMs required:

Red Hat Linux 6.2:

intel:
ftp://updates.redhat.com/6.2/i386/krb5-configs-1.1.1-21.i386.rpm
ftp://updates.redhat.com/6.2/i386/krb5-devel-1.1.1-21.i386.rpm
ftp://updates.redhat.com/6.2/i386/krb5-libs-1.1.1-21.i386.rpm
ftp://updates.redhat.com/6.2/i386/krb5-server-1.1.1-21.i386.rpm
ftp://updates.redhat.com/6.2/i386/krb5-workstation-1.1.1-21.i386.rpm

alpha:
ftp://updates.redhat.com/6.2/alpha/krb5-configs-1.1.1-21.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/krb5-devel-1.1.1-21.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/krb5-libs-1.1.1-21.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/krb5-server-1.1.1-21.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/krb5-workstation-1.1.1-21.alpha.rpm

sparc:
ftp://updates.redhat.com/6.2/sparc/krb5-configs-1.1.1-21.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/krb5-devel-1.1.1-21.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/krb5-libs-1.1.1-21.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/krb5-server-1.1.1-21.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/krb5-workstation-1.1.1-21.sparc.rpm

sources:
ftp://updates.redhat.com/6.2/SRPMS/krb5-1.1.1-21.src.rpm

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key is
available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>

8. References:

http://www.securityfocus.com/bid/1220
http://www.securityfocus.com/bid/1338
http://web.mit.edu/kerberos/www/advisories/index.html

Thanks to Chris Evans, Mike Friedman, Jim Paris, Matt Power, Andrew
Newman, Christopher R. Thompson, and Marcus Watts for reporting these
problems to us and the Kerberos 5 team.

---------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to use any or all of this
information is the responsibility of each user or organisation, and
should be done in accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

    http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for emergencies.
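The Solution and Verification sections above amount to one procedure: fetch the update RPMs, check them against the advisory's published md5sums, run rpm's signature check, and only then freshen. The script below is an added example of that procedure, not code from Red Hat or AusCERT; it assumes GNU coreutils md5sum, the stand-in files and sum list in setup_sample are constructed (not real packages), and install_if_verified assumes rpm is on the path.

```shell
#!/bin/sh
# Added example (not Red Hat's or AusCERT's code): check downloaded update RPMs
# against the MD5 table published in an advisory before running "rpm -Fvh".

# verify_advisory_sums SUMFILE DIR
# SUMFILE holds lines in the advisory's table layout:
#   "<md5>  6.2/i386/krb5-libs-1.1.1-21.i386.rpm"
# Returns 0 only if every listed package is present in DIR (by basename)
# and its md5sum matches; any MISSING or MISMATCH entry makes it return 1.
verify_advisory_sums() {
    sumfile=$1; dir=$2; failed=0
    while read -r expected path; do
        # skip blank lines, the "MD5 sum  Package Name" header and dashed rules
        case "$expected" in ''|MD5|-*) continue ;; esac
        file="$dir/$(basename "$path")"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"; failed=1; continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $actual)"; failed=1
        fi
    done < "$sumfile"
    return $failed
}

# install_if_verified SUMFILE DIR: refuse the freshen step unless the sums
# match and rpm's own signature check (the advisory's "rpm --checksig") passes.
install_if_verified() {
    verify_advisory_sums "$1" "$2" || { echo "not installing: sum check failed"; return 1; }
    rpm --checksig "$2"/*.rpm && rpm -Fvh "$2"/*.rpm
}

# setup_sample DIR: constructed stand-in files (not real packages) and a sum
# list in the advisory's layout; the second sum is deliberately wrong so the
# report shows how a tampered file or mis-published sum is flagged.
setup_sample() {
    mkdir -p "$1"
    printf 'hello\n' > "$1/krb5-libs-1.1.1-21.i386.rpm"
    printf 'hello\n' > "$1/krb5-server-1.1.1-21.i386.rpm"
    cat > "$1/sums.txt" <<EOF
MD5 sum                          Package Name
--------------------------------------------------------------------------
b1946ac92492d2347c6235b4d2611184 6.2/i386/krb5-libs-1.1.1-21.i386.rpm
00000000000000000000000000000000 6.2/i386/krb5-server-1.1.1-21.i386.rpm
EOF
}
```

Run `setup_sample /tmp/krb5-check && verify_advisory_sums /tmp/krb5-check/sums.txt /tmp/krb5-check` to see one OK and one MISMATCH line; for a real update, paste the advisory's table into SUMFILE and point DIR at the download directory.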