Skip to navigation

Security Advisory krb5 security update

Advisory: RHSA-2005:045-13
Type: Security Advisory
Severity: Moderate
Issued on: 2005-02-15
Last updated on: 2005-02-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2004-1189

Details

Updated Kerberos (krb5) packages that correct a buffer overflow bug are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.

A heap based buffer overflow bug was found in the administration library of
Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote
attacker to execute arbitrary commands on a realm's master Kerberos KDC.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1189 to this issue.

All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)
IA-32:
krb5-devel-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 78799ca1e8c98f8fcb00209b46dfce41
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-server-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 41539a24d42aded4759aea32192ac1d6
krb5-workstation-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 0cffdea74c77bf39d41ee5ea93976f01
 
x86_64:
krb5-devel-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 9108d9950729adeb09f3ad103cec7381
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 8e5f807f0aa56cb4111fb26a6e36badd
krb5-server-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 1e52826d2c9770b1e57b94d2083a14dd
krb5-workstation-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 627d3c67962cd3410fa410543a849116
 
Red Hat Enterprise Linux AS (v. 4)
IA-32:
krb5-devel-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 78799ca1e8c98f8fcb00209b46dfce41
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-server-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 41539a24d42aded4759aea32192ac1d6
krb5-workstation-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 0cffdea74c77bf39d41ee5ea93976f01
 
IA-64:
krb5-devel-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 14ecc7c0ece19e49b7cc6bd7c5858949
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: fdd4eed7c2481af9d3ffb2d41c3f07f9
krb5-server-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 5d6d33738eb5a7ab0063a72ce3adc94c
krb5-workstation-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 03038d68414e227a70916fa8355ef7e9
 
PPC:
krb5-devel-1.3.4-10.ppc.rpm
File outdated by:  RHSA-2011:1851		     MD5: d0adec45ee8e0a5bda3b97f6f68a5199
krb5-libs-1.3.4-10.ppc.rpm
File outdated by:  RHSA-2011:1851		     MD5: 16790be4051537f2656459da6a37067c
krb5-libs-1.3.4-10.ppc64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 896c76f83d8f4234e926709d806f6254
krb5-server-1.3.4-10.ppc.rpm
File outdated by:  RHSA-2011:1851		     MD5: b2fd65dbd28b0ec275f4a37c86f557d7
krb5-workstation-1.3.4-10.ppc.rpm
File outdated by:  RHSA-2011:1851		     MD5: c1b37834a125fad0ae9f3f4cf9d17ae0
 
s390:
krb5-devel-1.3.4-10.s390.rpm
File outdated by:  RHSA-2011:1851		     MD5: 567fe5f87682f08910e9771eb90036dd
krb5-libs-1.3.4-10.s390.rpm
File outdated by:  RHSA-2011:1851		     MD5: c42bbb32fceaca6aae6ba4a42f821245
krb5-server-1.3.4-10.s390.rpm
File outdated by:  RHSA-2011:1851		     MD5: 04d67d9043a1e7ac33e00caeaed7b880
krb5-workstation-1.3.4-10.s390.rpm
File outdated by:  RHSA-2011:1851		     MD5: 2669caea6f3d4b583e2a85dd3e1b9c03
 
s390x:
krb5-devel-1.3.4-10.s390x.rpm
File outdated by:  RHSA-2011:1851		     MD5: 96192adee5cd4cc22aacede6d1622700
krb5-libs-1.3.4-10.s390.rpm
File outdated by:  RHSA-2011:1851		     MD5: c42bbb32fceaca6aae6ba4a42f821245
krb5-libs-1.3.4-10.s390x.rpm
File outdated by:  RHSA-2011:1851		     MD5: dabae34a4365ed7506965c0f225bb640
krb5-server-1.3.4-10.s390x.rpm
File outdated by:  RHSA-2011:1851		     MD5: ab19809471f301094225c850e6a46024
krb5-workstation-1.3.4-10.s390x.rpm
File outdated by:  RHSA-2011:1851		     MD5: 5d685ebb30c8889f86171dd7c16d6606
 
x86_64:
krb5-devel-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 9108d9950729adeb09f3ad103cec7381
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 8e5f807f0aa56cb4111fb26a6e36badd
krb5-server-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 1e52826d2c9770b1e57b94d2083a14dd
krb5-workstation-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 627d3c67962cd3410fa410543a849116
 
Red Hat Enterprise Linux ES (v. 4)
IA-32:
krb5-devel-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 78799ca1e8c98f8fcb00209b46dfce41
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-server-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 41539a24d42aded4759aea32192ac1d6
krb5-workstation-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 0cffdea74c77bf39d41ee5ea93976f01
 
IA-64:
krb5-devel-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 14ecc7c0ece19e49b7cc6bd7c5858949
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: fdd4eed7c2481af9d3ffb2d41c3f07f9
krb5-server-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 5d6d33738eb5a7ab0063a72ce3adc94c
krb5-workstation-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 03038d68414e227a70916fa8355ef7e9
 
x86_64:
krb5-devel-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 9108d9950729adeb09f3ad103cec7381
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 8e5f807f0aa56cb4111fb26a6e36badd
krb5-server-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 1e52826d2c9770b1e57b94d2083a14dd
krb5-workstation-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 627d3c67962cd3410fa410543a849116
 
Red Hat Enterprise Linux WS (v. 4)
IA-32:
krb5-devel-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 78799ca1e8c98f8fcb00209b46dfce41
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-server-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 41539a24d42aded4759aea32192ac1d6
krb5-workstation-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 0cffdea74c77bf39d41ee5ea93976f01
 
IA-64:
krb5-devel-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 14ecc7c0ece19e49b7cc6bd7c5858949
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: fdd4eed7c2481af9d3ffb2d41c3f07f9
krb5-server-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 5d6d33738eb5a7ab0063a72ce3adc94c
krb5-workstation-1.3.4-10.ia64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 03038d68414e227a70916fa8355ef7e9
 
x86_64:
krb5-devel-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 9108d9950729adeb09f3ad103cec7381
krb5-libs-1.3.4-10.i386.rpm
File outdated by:  RHSA-2011:1851		     MD5: 840838ec3616305979c304fda0e8d7fe
krb5-libs-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 8e5f807f0aa56cb4111fb26a6e36badd
krb5-server-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 1e52826d2c9770b1e57b94d2083a14dd
krb5-workstation-1.3.4-10.x86_64.rpm
File outdated by:  RHSA-2011:1851		     MD5: 627d3c67962cd3410fa410543a849116
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

139235 - krsh problem
144196 - CAN-2004-1189 buffer overflow in krb5


References

https://www.redhat.com/security/data/cve/CVE-2004-1189.html
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-004-pwhist.txt

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/