Security Advisory

Updated Kerberos 5 packages are now available for Red Hat Linux.

Advisory: RHSA-2000:025-13
Type: Security Advisory
Severity: N/A
Issued on: 2000-05-16
Last updated on: 2000-06-16
Affected Products:
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-0389, CVE-2000-0390, CVE-2000-0391, CVE-2000-0392

Details

Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.2.

A number of possible buffer overruns were found in libraries included
in the affected packages. A denial-of-service vulnerability was also found
in the ksu program.

* A remote user may gain unauthorized root access to a machine running
services authenticated with Kerberos 4.

* A remote user may gain unauthorized root access to a machine running
krshd, regardless of whether the program is configured to accept
Kerberos 4 authentication.

* A local user may gain unauthorized root access by exploiting v4rcp
or ksu.

* A remote user can cause a KDC to become unresponsive or crash by sending
it an improperly formatted request.

* A remote user may execute certain FTP commands without authorization
on systems using the FTP server included in the krb5-workstation
package.

* An attacker with access to a local account may gain unauthorized
root access on systems using the FTP server included in the
krb5-workstation package.

The prior errata announcement for these packages contained incorrect md5sum
values. The correct md5sums are listed below.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.
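Because this errata was reissued specifically to correct the published md5sum values, the practical step is to check each downloaded RPM against the listed digest and its GPG signature before running rpm -Fvh. The script below is an added example and is not part of the Red Hat advisory. It assumes a manifest file with one "<md5sum>  <filename>" line per package, in the format md5sum -c reads, copied from the advisory's package table; the filenames and digests in the constructed demo are placeholders, not real advisory values.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: check each downloaded
# RPM against the md5sum published in the errata, check its GPG signature
# with rpm -K, and only then freshen it with rpm -Fvh as the Solution
# section instructs.
#
# Assumptions: a manifest with one "<md5sum>  <filename>" line per package
# (the format md5sum -c understands) written from the advisory's table.
# The digests and filenames in the demo below are constructed placeholders.

# md5_of FILE: print the hex md5 digest of FILE without the filename.
md5_of() {
    md5sum "$1" | cut -d' ' -f1
}

# verify_md5 FILE EXPECTED: 0 if FILE's digest equals EXPECTED, else 1.
verify_md5() {
    [ "$(md5_of "$1")" = "$2" ]
}

# count_mismatches MANIFEST DIR: read "<md5>  <file>" lines from MANIFEST,
# check each file under DIR, report every mismatch or missing file on
# stderr, and print the number of packages that failed.
count_mismatches() {
    manifest=$1
    dir=$2
    bad=0
    while read -r expected name; do
        [ -n "$expected" ] || continue          # skip blank lines
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "missing: $name" >&2
            bad=$((bad + 1))
        elif ! verify_md5 "$path" "$expected"; then
            echo "md5 mismatch: $name" >&2
            bad=$((bad + 1))
        fi
    done < "$manifest"
    echo "$bad"
}

# apply_update MANIFEST DIR: refuse to install anything unless every
# package matches its published md5sum and passes rpm -K (GPG signature
# check); then freshen already-installed packages only (rpm -F).
apply_update() {
    manifest=$1
    dir=$2
    failed=$(count_mismatches "$manifest" "$dir")
    if [ "$failed" -ne 0 ]; then
        echo "$failed package(s) failed md5 verification; aborting" >&2
        return 1
    fi
    while read -r expected name; do
        [ -n "$expected" ] || continue
        rpm -K "$dir/$name" || { echo "bad signature: $name" >&2; return 1; }
    done < "$manifest"
    while read -r expected name; do
        [ -n "$expected" ] || continue
        rpm -Fvh "$dir/$name"
    done < "$manifest"
}

# Demonstration on constructed data: two fake "packages" and a manifest
# listing one correct digest and one deliberately wrong one.
demo() {
    work=$(mktemp -d)
    printf 'fake krb5-libs payload\n' > "$work/krb5-libs-PLACEHOLDER.rpm"
    printf 'fake krb5-workstation payload\n' > "$work/krb5-workstation-PLACEHOLDER.rpm"
    {
        printf '%s  krb5-libs-PLACEHOLDER.rpm\n' "$(md5_of "$work/krb5-libs-PLACEHOLDER.rpm")"
        printf '%s  krb5-workstation-PLACEHOLDER.rpm\n' "00000000000000000000000000000000"
    } > "$work/md5sums.txt"
    count_mismatches "$work/md5sums.txt" "$work"   # prints 1
    rm -rf "$work"
}

demo
```

apply_update is split into three passes on purpose: a single bad digest or signature aborts the whole run before any rpm -Fvh is issued, so a partially applied errata cannot result from one corrupt download. rpm -F (freshen) rather than -U also matches the advisory's instruction: it only replaces packages already installed and never pulls in krb5 components the host did not have.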

Updated packages


References


Keywords

N/A


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/