Security Advisory: krb5 security update

Advisory: RHSA-2005:012-10
Type: Security Advisory
Severity: Moderate
Issued on: 2005-01-19
Last updated on: 2005-01-19
Affected Products:
    Red Hat Desktop (v. 3)
    Red Hat Enterprise Linux AS (v. 2.1)
    Red Hat Enterprise Linux AS (v. 3)
    Red Hat Enterprise Linux ES (v. 2.1)
    Red Hat Enterprise Linux ES (v. 3)
    Red Hat Enterprise Linux WS (v. 2.1)
    Red Hat Enterprise Linux WS (v. 3)
    Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0971, CVE-2004-1189

Details

Updated Kerberos (krb5) packages that correct buffer overflow and temporary
file bugs are now available for Red Hat Enterprise Linux.

Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.

A heap-based buffer overflow bug was found in the administration library of
Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote
attacker to execute arbitrary commands on a realm's master Kerberos KDC.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1189 to this issue.

Additionally, a temporary file bug was found in the Kerberos krb5-send-pr
program. An attacker could create a temporary file that would cause an
arbitrary file to which the victim has write access to be overwritten.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0971 to this issue.

All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.


Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
krb5-devel-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 69131ba25cf08532d55f1f5d392f501c
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-workstation-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 7c7f4cd7ebf4e9fc50e9c4f4ad9e2faf
 
x86_64:
krb5-devel-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c9439fe08d70b776d081d5877af78995
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-libs-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: fdfbb86d17c8129232a999e5d08f2a4f
krb5-workstation-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c6a81c4cc4c5f8a6afa242b616651451
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
krb5-devel-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 5e983e2655f19f5291a36e006d4258fe
krb5-libs-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3a6837c6854918d054574c845a81fe1e
krb5-server-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 9d6720b7a0eb84e75c66f06910b7ac13
krb5-workstation-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: ea1826ed45658cdade4fa53f6692f2ac
 
IA-64:
krb5-devel-1.2.2-32.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 7641b31ba2d148739cf87b4d80725f4e
krb5-libs-1.2.2-32.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: cf1d8835e783ff996241275049b90275
krb5-server-1.2.2-32.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 95944c38c02a0985737ce92a974397e3
krb5-workstation-1.2.2-32.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3e318a692f05c640da6b25d5134cda87
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
krb5-devel-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 69131ba25cf08532d55f1f5d392f501c
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-server-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: dd38fa05c17e9e986b4d1181e695b3df
krb5-workstation-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 7c7f4cd7ebf4e9fc50e9c4f4ad9e2faf
 
IA-64:
krb5-devel-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 361f9ea375518c1db1e1bd8b3c63cce7
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-libs-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: a96e16502096c19b2d8b0c3eea4b77b5
krb5-server-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ac2c8fe8e7d8dfc9be4fea96f7283bac
krb5-workstation-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 96303cbcd45e7fb93b93bda92047a7e9
 
PPC:
krb5-devel-1.2.7-38.ppc.rpm
File outdated by:  RHSA-2010:0423
    MD5: 18807f63b63422fd8bce85ea2ba0c8e4
krb5-libs-1.2.7-38.ppc.rpm
File outdated by:  RHSA-2010:0423
    MD5: 89795f2d52b519f80a1df8fcddb0cb24
krb5-libs-1.2.7-38.ppc64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c552f8269adb38dbf21686e74085fb85
krb5-server-1.2.7-38.ppc.rpm
File outdated by:  RHSA-2010:0423
    MD5: 0a3b6bb917d51d6a3cb19e8d2b194001
krb5-workstation-1.2.7-38.ppc.rpm
File outdated by:  RHSA-2010:0423
    MD5: 5917e264b07a6469e30c2ea87b6fc1fd
 
s390:
krb5-devel-1.2.7-38.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: ce047097ae7b876514b9395e1b8524df
krb5-libs-1.2.7-38.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: a070cad5f21a22f7611ae641eb4b91f5
krb5-server-1.2.7-38.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: 1340f95c60414347b525a0b22cf72c03
krb5-workstation-1.2.7-38.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: 0f82ce679c7f7d6750e6bf98330cfb5b
 
s390x:
krb5-devel-1.2.7-38.s390x.rpm
File outdated by:  RHSA-2010:0423
    MD5: 4d90a77748aaacd818d9e3f77433618b
krb5-libs-1.2.7-38.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: a070cad5f21a22f7611ae641eb4b91f5
krb5-libs-1.2.7-38.s390x.rpm
File outdated by:  RHSA-2010:0423
    MD5: 0894dff280fc7550086b94a6737f1f45
krb5-server-1.2.7-38.s390x.rpm
File outdated by:  RHSA-2010:0423
    MD5: 084688d5e785317fc7e485ecc75710a8
krb5-workstation-1.2.7-38.s390x.rpm
File outdated by:  RHSA-2010:0423
    MD5: 128834612bbe91305293d8d77c7bde7a
 
x86_64:
krb5-devel-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c9439fe08d70b776d081d5877af78995
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-libs-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: fdfbb86d17c8129232a999e5d08f2a4f
krb5-server-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: fb069e8ce3c2ba661d1e4bc944b5b77d
krb5-workstation-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c6a81c4cc4c5f8a6afa242b616651451
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
krb5-devel-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 5e983e2655f19f5291a36e006d4258fe
krb5-libs-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3a6837c6854918d054574c845a81fe1e
krb5-server-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 9d6720b7a0eb84e75c66f06910b7ac13
krb5-workstation-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: ea1826ed45658cdade4fa53f6692f2ac
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
krb5-devel-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 69131ba25cf08532d55f1f5d392f501c
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-server-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: dd38fa05c17e9e986b4d1181e695b3df
krb5-workstation-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 7c7f4cd7ebf4e9fc50e9c4f4ad9e2faf
 
IA-64:
krb5-devel-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 361f9ea375518c1db1e1bd8b3c63cce7
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-libs-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: a96e16502096c19b2d8b0c3eea4b77b5
krb5-server-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ac2c8fe8e7d8dfc9be4fea96f7283bac
krb5-workstation-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 96303cbcd45e7fb93b93bda92047a7e9
 
x86_64:
krb5-devel-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c9439fe08d70b776d081d5877af78995
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-libs-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: fdfbb86d17c8129232a999e5d08f2a4f
krb5-server-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: fb069e8ce3c2ba661d1e4bc944b5b77d
krb5-workstation-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c6a81c4cc4c5f8a6afa242b616651451
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
krb5-devel-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 5e983e2655f19f5291a36e006d4258fe
krb5-libs-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3a6837c6854918d054574c845a81fe1e
krb5-server-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 9d6720b7a0eb84e75c66f06910b7ac13
krb5-workstation-1.2.2-32.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: ea1826ed45658cdade4fa53f6692f2ac
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
krb5-devel-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 69131ba25cf08532d55f1f5d392f501c
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-workstation-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 7c7f4cd7ebf4e9fc50e9c4f4ad9e2faf
 
IA-64:
krb5-devel-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 361f9ea375518c1db1e1bd8b3c63cce7
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-libs-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: a96e16502096c19b2d8b0c3eea4b77b5
krb5-workstation-1.2.7-38.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 96303cbcd45e7fb93b93bda92047a7e9
 
x86_64:
krb5-devel-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c9439fe08d70b776d081d5877af78995
krb5-libs-1.2.7-38.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: e450f4b4d96bd13d51cd56cec1e5e568
krb5-libs-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: fdfbb86d17c8129232a999e5d08f2a4f
krb5-workstation-1.2.7-38.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: c6a81c4cc4c5f8a6afa242b616651451
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
krb5-devel-1.2.2-32.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 7641b31ba2d148739cf87b4d80725f4e
krb5-libs-1.2.2-32.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: cf1d8835e783ff996241275049b90275
krb5-server-1.2.2-32.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 95944c38c02a0985737ce92a974397e3
krb5-workstation-1.2.2-32.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3e318a692f05c640da6b25d5134cda87
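
To confirm which hosts still run pre-update builds, installed krb5 packages can be compared against the builds listed above (1.2.2-32 and 1.2.7-38). The script below is an added example, not part of the Red Hat advisory; the function names, the simplified release comparison and the sample inventory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag krb5 packages older than the builds listed in this advisory.
# Input: "name version-release" lines, e.g. as printed by
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'

# Fixed release for each krb5 version shipped in the advisory's package list.
fixed_build() {
  case $1 in
    1.2.2) echo 32 ;;   # Red Hat Enterprise Linux 2.1 products
    1.2.7) echo 38 ;;   # Red Hat Enterprise Linux 3 products, Red Hat Desktop 3
    *) return 1 ;;      # version not covered by this advisory
  esac
}

# Return 0 if dotted release $1 is lower than $2 (31 < 38, 31.1 < 32).
# Simplification (not rpm's full comparison): non-digits are ignored.
rel_lt() {
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=$(printf '%s' "${a%%.*}" | tr -cd 0-9)
    y=$(printf '%s' "${b%%.*}" | tr -cd 0-9)
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  return 1
}

# Classify each krb5 package read from stdin; other packages are skipped.
check_krb5() {
  while read -r name vr; do
    case $name in krb5-*) ;; *) continue ;; esac
    ver=${vr%%-*} rel=${vr#*-}
    if ! fixed=$(fixed_build "$ver"); then
      echo "UNKNOWN $name $vr"
    elif rel_lt "$rel" "$fixed"; then
      echo "VULNERABLE $name $vr (fixed in $ver-$fixed)"
    else
      echo "OK $name $vr"
    fi
  done
}

# Constructed sample inventory (not real host data).
sample_inventory() {
  printf '%s\n' 'krb5-libs 1.2.7-31' 'krb5-workstation 1.2.7-38' \
    'krb5-server 1.2.2-24' 'krb5-libs 1.3.4-5' 'openssl 0.9.7a-33'
}
sample_inventory | check_krb5
```

A package reported as UNKNOWN carries a krb5 version this advisory does not list, so its status has to be checked against the erratum for that product.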
 

Bugs fixed (see bugzilla for more information)

136304 - CAN-2004-0971 temporary file vulnerabilities in krb5-send-pr script
140066 - CAN-2004-0971 temporary file vulnerabilities in krb5-send-pr script
142902 - CAN-2004-1189 buffer overflow in krb5


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/