Security Advisory Critical: krb5 security update

Advisory: RHSA-2008:0181-3
Type: Security Advisory
Severity: Critical
Issued on: 2008-03-18
Last updated on: 2008-03-18
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2008-0062
CVE-2008-0063
CVE-2008-0948

Details

Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol
requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4; on the
Red Hat Enterprise Linux 2.1 and 3 systems this erratum covers, check the
"v4_mode" key in the "[kdcdefaults]" section of /var/kerberos/krb5kdc/kdc.conf
rather than assuming it is off. Kerberos v4 protocol support can be disabled
by setting "v4_mode = none" (without the quotes) in that section and
restarting krb5kdc; if no Kerberos v4 clients remain, this is a sensible
hardening step even after the fixed packages are installed.
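As an added example (not part of this advisory or of the krb5 packages), the following POSIX shell script reports the v4_mode setting of a kdc.conf and rewrites the [kdcdefaults] stanza to v4_mode = none, creating the stanza if the file has none. It runs against a constructed sample file that mirrors the stanza layout of a stock kdc.conf; the function names and the sample are its own. A result of "unset" means the file does not set the key and the daemon's built-in default applies, which is why the script always writes the value explicitly.

```shell
#!/bin/sh
# Added example, not part of RHSA-2008:0181 or of the krb5 packages.
# Inspect and disable Kerberos v4 compatibility in an MIT krb5 kdc.conf.
# Assumes the krb5 1.2.x kdc.conf layout: a "[kdcdefaults]" stanza holding
# "key = value" lines, as in /var/kerberos/krb5kdc/kdc.conf.

# Print the v4_mode value from the first [kdcdefaults] stanza, or "unset"
# when the file does not set it (the daemon's built-in default then applies).
kdc_v4_mode() {
    awk '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[kdcdefaults\][ \t]*$/); next }
        insec && /^[ \t]*v4_mode[ \t]*=/ {
            sub(/^[ \t]*v4_mode[ \t]*=[ \t]*/, ""); sub(/[ \t]*$/, "")
            print; found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Rewrite FILE in place so [kdcdefaults] carries "v4_mode = none".
# Replaces an existing v4_mode line, appends one if the stanza lacks it,
# and creates the stanza if the file has none.  Safe to run repeatedly.
kdc_disable_v4() {
    f="$1"; tmp="$f.new.$$"
    awk '
        /^[ \t]*\[/ {
            if (insec && !done) { print " v4_mode = none"; done = 1 }
            insec = ($0 ~ /^[ \t]*\[kdcdefaults\][ \t]*$/)
            print; next
        }
        insec && /^[ \t]*v4_mode[ \t]*=/ {
            if (!done) { print " v4_mode = none"; done = 1 }
            next      # drop the old (or duplicate) v4_mode line
        }
        { print }
        END {
            if (!done) {
                if (!insec) print "[kdcdefaults]"
                print " v4_mode = none"
            }
        }
    ' "$f" > "$tmp" && cat "$tmp" > "$f" && rm -f "$tmp"
}

# Constructed sample resembling a stock kdc.conf with v4 compatibility on.
write_sample_kdc_conf() {
    cat > "$1" <<'EOF'
[kdcdefaults]
 v4_mode = nopreauth
 kdc_tcp_ports = 88

[realms]
 EXAMPLE.COM = {
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
 }
EOF
}

# Demonstration on a scratch copy of the sample.
demo_dir=$(mktemp -d)
write_sample_kdc_conf "$demo_dir/kdc.conf"
echo "before: v4_mode=$(kdc_v4_mode "$demo_dir/kdc.conf")"
kdc_disable_v4 "$demo_dir/kdc.conf"
echo "after:  v4_mode=$(kdc_v4_mode "$demo_dir/kdc.conf")"
rm -rf "$demo_dir"
```

On a real KDC, point the functions at /var/kerberos/krb5kdc/kdc.conf (keep a copy first) and restart the daemon afterwards with service krb5kdc restart, since krb5kdc reads kdc.conf only at startup.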

A flaw was found in the RPC library used by the MIT Kerberos kadmind
server. An unauthenticated remote attacker could use this flaw to crash
kadmind. This issue only affected systems with certain resource limits
configured (an open-file limit raised high enough for kadmind to receive
file descriptor numbers the RPC library does not handle correctly; see bug
435087 below) and did not affect systems using the default resource limits
of Red Hat Enterprise Linux 2.1 or 3. (CVE-2008-0948)

Red Hat would like to thank MIT for reporting these issues.

All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
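Added example, not from this advisory or the krb5 packages: a shell helper that decides whether the krb5 packages on a Red Hat Enterprise Linux 2.1 or 3 host are at or above this erratum's fixed version-release (1.2.2-48 and 1.2.7-68 respectively). The comparison is numeric per segment, which is what matters here (a plain string compare would call 1.2.7-100 older than 1.2.7-68); it assumes purely numeric version and release fields as in these packages, and the function names are its own. The live check wraps rpm -q, which only exists on the host being examined.

```shell
#!/bin/sh
# Added example, not part of RHSA-2008:0181 or of the krb5 packages.
# Checks that installed krb5 packages are at or above this erratum's fixed
# VERSION-RELEASE.  Assumes numeric version/release fields (1.2.7-68); rpm's
# own comparison rules are broader than this.

# nvr_ge A B: return 0 when VERSION-RELEASE string A >= B, comparing each
# dot- or dash-separated segment as a number (so 100 > 68, unlike a string
# compare).  A missing trailing segment counts as 0.
nvr_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            xa = (i <= n) ? x[i] + 0 : 0
            ya = (i <= m) ? y[i] + 0 : 0
            if (xa > ya) exit 0
            if (xa < ya) exit 1
        }
        exit 0
    }'
}

# Fixed VERSION-RELEASE from this advisory, by product release.
fixed_nvr_for() {
    case "$1" in
        3)   echo 1.2.7-68 ;;   # Enterprise Linux 3 and Desktop 3
        2.1) echo 1.2.2-48 ;;   # Enterprise Linux 2.1 and Advanced Workstation 2.1
        *)   echo "unknown release: $1" >&2; return 1 ;;
    esac
}

# krb5_pkg_status INSTALLED_NVR RELEASE: print "ok" or "vulnerable".
krb5_pkg_status() {
    fixed=$(fixed_nvr_for "$2") || return 1
    if nvr_ge "$1" "$fixed"; then echo ok; else echo vulnerable; fi
}

# Live check for one host; needs rpm.  Multilib hosts report one line per
# installed architecture of each package.  Returns 1 if anything is vulnerable.
krb5_check_host() {
    rel="$1"; rc=0
    for p in krb5-libs krb5-server krb5-workstation krb5-devel; do
        if ! vers=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$p" 2>/dev/null); then
            echo "$p: not installed"; continue
        fi
        for v in $vers; do
            st=$(krb5_pkg_status "$v" "$rel") || return 1
            echo "$p-$v: $st"
            [ "$st" = vulnerable ] && rc=1
        done
    done
    return $rc
}

# Invoked as "sh check-krb5.sh 3" (or 2.1) on a Red Hat host.
if [ -n "${1:-}" ]; then
    if command -v rpm >/dev/null 2>&1; then
        krb5_check_host "$1"
    else
        echo "rpm not found; nothing to check on this host" >&2
    fi
fi
```

If packages are installed from downloaded RPMs rather than through Red Hat Network, verify their signatures first with rpm -K against the Red Hat key referenced at the end of this advisory.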

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
krb5-1.2.7-68.src.rpm
File outdated by:  RHSA-2010:0423
    MD5: 42da88bdd9fe9adb7e272ec1e5b6f841
 
IA-32:
krb5-devel-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 5e8f5eb3275d17825cb2fefc58b49dcc
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-server-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: db6c6bc823b4cb9d6f58b0ae464626a3
krb5-workstation-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 7d8f73774b192bca9b11f256f24ae918
 
x86_64:
krb5-devel-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: cd44012885d41082872e1132ba7a6552
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-libs-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ad056b50ef5579107c93bf0b5a98befb
krb5-server-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ff993373a70f300254f87840d6e2e8ba
krb5-workstation-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: bd3fab11c8f146b435380c7cf2de2d89
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
krb5-1.2.2-48.src.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3fe933ab13ddd79b9189154250ee80b4
 
IA-32:
krb5-devel-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 8c34c8e99d309abb44836944bcdb59e8
krb5-libs-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 055af9ec2284bfd194a096aa3f1e85d4
krb5-server-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3f292540e5f6bcda1104fd5f1fba8fbf
krb5-workstation-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 44479d795675f9a26734073a445aba84
 
IA-64:
krb5-devel-1.2.2-48.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 58f97e4d108c985193e9947a98223a05
krb5-libs-1.2.2-48.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: c6e82f4ce7885819579fc0f50f40520e
krb5-server-1.2.2-48.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: eef8b037f731689deaa84eb755df159e
krb5-workstation-1.2.2-48.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 32622b9beb4842a9a32f829f81ccab87
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
krb5-1.2.7-68.src.rpm
File outdated by:  RHSA-2010:0423
    MD5: 42da88bdd9fe9adb7e272ec1e5b6f841
 
IA-32:
krb5-devel-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 5e8f5eb3275d17825cb2fefc58b49dcc
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-server-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: db6c6bc823b4cb9d6f58b0ae464626a3
krb5-workstation-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 7d8f73774b192bca9b11f256f24ae918
 
IA-64:
krb5-devel-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 38cd094e4613ff1967976c3ac49597e6
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-libs-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 5b50fab97ff524bf259d248c25095195
krb5-server-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 78dcc661024ba730d349da748efbb35b
krb5-workstation-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 8f8de4cdc7ce4569454eb464b9165a72
 
PPC:
krb5-devel-1.2.7-68.ppc.rpm
File outdated by:  RHSA-2010:0423
    MD5: b34a5c4fcada4bc13517fc760f017a95
krb5-libs-1.2.7-68.ppc.rpm
File outdated by:  RHSA-2010:0423
    MD5: a18d710b6400246c904cc62ba0581cfd
krb5-libs-1.2.7-68.ppc64.rpm
File outdated by:  RHSA-2010:0423
    MD5: dfde2f2bd897ad4a28281c333d7e1b32
krb5-server-1.2.7-68.ppc.rpm
File outdated by:  RHSA-2010:0423
    MD5: 00fb82b8e2c24767fe9fc61a3ae052be
krb5-workstation-1.2.7-68.ppc.rpm
File outdated by:  RHSA-2010:0423
    MD5: 36b80bb10e5b8479bac0405de0050eec
 
s390:
krb5-devel-1.2.7-68.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: f098782a1554ef8f783586c700c756e6
krb5-libs-1.2.7-68.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: f9a4123a362d61aa7819f248a76688f1
krb5-server-1.2.7-68.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: bf3486b15eaa3caf931d5da92f35cd0e
krb5-workstation-1.2.7-68.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: cf76c19dc6d259d97b722a940842d929
 
s390x:
krb5-devel-1.2.7-68.s390x.rpm
File outdated by:  RHSA-2010:0423
    MD5: 8c35dbc5010f41d9147540c4b8b4d588
krb5-libs-1.2.7-68.s390.rpm
File outdated by:  RHSA-2010:0423
    MD5: f9a4123a362d61aa7819f248a76688f1
krb5-libs-1.2.7-68.s390x.rpm
File outdated by:  RHSA-2010:0423
    MD5: 439fbad34301b7a957d34df09de96a1b
krb5-server-1.2.7-68.s390x.rpm
File outdated by:  RHSA-2010:0423
    MD5: cec257e62b71e3d48b2df07d1a6447d1
krb5-workstation-1.2.7-68.s390x.rpm
File outdated by:  RHSA-2010:0423
    MD5: 612c21cac61bffc4a29ee3260141918d
 
x86_64:
krb5-devel-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: cd44012885d41082872e1132ba7a6552
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-libs-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ad056b50ef5579107c93bf0b5a98befb
krb5-server-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ff993373a70f300254f87840d6e2e8ba
krb5-workstation-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: bd3fab11c8f146b435380c7cf2de2d89
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
krb5-1.2.2-48.src.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3fe933ab13ddd79b9189154250ee80b4
 
IA-32:
krb5-devel-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 8c34c8e99d309abb44836944bcdb59e8
krb5-libs-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 055af9ec2284bfd194a096aa3f1e85d4
krb5-server-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3f292540e5f6bcda1104fd5f1fba8fbf
krb5-workstation-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 44479d795675f9a26734073a445aba84
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
krb5-1.2.7-68.src.rpm
File outdated by:  RHSA-2010:0423
    MD5: 42da88bdd9fe9adb7e272ec1e5b6f841
 
IA-32:
krb5-devel-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 5e8f5eb3275d17825cb2fefc58b49dcc
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-server-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: db6c6bc823b4cb9d6f58b0ae464626a3
krb5-workstation-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 7d8f73774b192bca9b11f256f24ae918
 
IA-64:
krb5-devel-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 38cd094e4613ff1967976c3ac49597e6
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-libs-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 5b50fab97ff524bf259d248c25095195
krb5-server-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 78dcc661024ba730d349da748efbb35b
krb5-workstation-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 8f8de4cdc7ce4569454eb464b9165a72
 
x86_64:
krb5-devel-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: cd44012885d41082872e1132ba7a6552
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-libs-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ad056b50ef5579107c93bf0b5a98befb
krb5-server-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ff993373a70f300254f87840d6e2e8ba
krb5-workstation-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: bd3fab11c8f146b435380c7cf2de2d89
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
krb5-1.2.2-48.src.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3fe933ab13ddd79b9189154250ee80b4
 
IA-32:
krb5-devel-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 8c34c8e99d309abb44836944bcdb59e8
krb5-libs-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 055af9ec2284bfd194a096aa3f1e85d4
krb5-server-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3f292540e5f6bcda1104fd5f1fba8fbf
krb5-workstation-1.2.2-48.i386.rpm
File outdated by:  RHSA-2009:0410
    MD5: 44479d795675f9a26734073a445aba84
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
krb5-1.2.7-68.src.rpm
File outdated by:  RHSA-2010:0423
    MD5: 42da88bdd9fe9adb7e272ec1e5b6f841
 
IA-32:
krb5-devel-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 5e8f5eb3275d17825cb2fefc58b49dcc
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-server-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: db6c6bc823b4cb9d6f58b0ae464626a3
krb5-workstation-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 7d8f73774b192bca9b11f256f24ae918
 
IA-64:
krb5-devel-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 38cd094e4613ff1967976c3ac49597e6
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-libs-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 5b50fab97ff524bf259d248c25095195
krb5-server-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 78dcc661024ba730d349da748efbb35b
krb5-workstation-1.2.7-68.ia64.rpm
File outdated by:  RHSA-2010:0423
    MD5: 8f8de4cdc7ce4569454eb464b9165a72
 
x86_64:
krb5-devel-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: cd44012885d41082872e1132ba7a6552
krb5-libs-1.2.7-68.i386.rpm
File outdated by:  RHSA-2010:0423
    MD5: 87ed05fa065b652d58bdbb1eda72a427
krb5-libs-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ad056b50ef5579107c93bf0b5a98befb
krb5-server-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: ff993373a70f300254f87840d6e2e8ba
krb5-workstation-1.2.7-68.x86_64.rpm
File outdated by:  RHSA-2010:0423
    MD5: bd3fab11c8f146b435380c7cf2de2d89
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
krb5-1.2.2-48.src.rpm
File outdated by:  RHSA-2009:0410
    MD5: 3fe933ab13ddd79b9189154250ee80b4
 
IA-64:
krb5-devel-1.2.2-48.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 58f97e4d108c985193e9947a98223a05
krb5-libs-1.2.2-48.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: c6e82f4ce7885819579fc0f50f40520e
krb5-server-1.2.2-48.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: eef8b037f731689deaa84eb755df159e
krb5-workstation-1.2.2-48.ia64.rpm
File outdated by:  RHSA-2009:0410
    MD5: 32622b9beb4842a9a32f829f81ccab87
 

Bugs fixed (see bugzilla for more information)

432620 - CVE-2008-0062 krb5: uninitialized pointer use in krb5kdc
432621 - CVE-2008-0063 krb5: possible leak of sensitive data from krb5kdc using krb4 request
435087 - CVE-2008-0948 krb5: incorrect handling of high-numbered file descriptors in RPC library


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/