Security Advisory Critical: krb5 security update

Advisory: RHSA-2008:0182-3
Type: Security Advisory
Severity: Critical
Issued on: 2008-03-18
Last updated on: 2008-03-18
Affected Products: Red Hat Enterprise Linux AS (v. 4.5.z), Red Hat Enterprise Linux ES (v. 4.5.z)
CVEs (cve.mitre.org): CVE-2008-0062, CVE-2008-0063

Details

Updated krb5 packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol
requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding "v4_mode=none"
(without the quotes) to the "[kdcdefaults]" section of
/var/kerberos/krb5kdc/kdc.conf.
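To audit that setting across KDCs rather than eyeballing the file, the following Python is an added example (not part of the Red Hat advisory or of the krb5 project): it parses the section/key layout of a kdc.conf, reports whether Kerberos v4 compatibility is still effective in [kdcdefaults], and emits the corrected file. The sample configuration is constructed, and only the value "none" named in the advisory is treated as disabling v4; any other value is reported as enabled for manual review.

```python
import re

SECTION_RE = re.compile(r"^\s*\[(\w+)\]\s*$")
KV_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")

# Constructed sample (not from the advisory). 'v4_mode = none' sits inside a
# realm block, not [kdcdefaults], so a naive grep passes it while v4 stays on.
SAMPLE_KDC_CONF = ("[kdcdefaults]\n acl_file = /var/kerberos/krb5kdc/kadm5.acl\n"
                   "[realms]\n EXAMPLE.COM = {\n  v4_mode = none\n }\n")

def parse_kdc_conf(text):
    """Return {section: {key: value}}; keys inside realm '{ }' blocks are skipped."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        m = SECTION_RE.match(line)
        if m and depth == 0:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        depth += line.count("{") - line.count("}")
        kv = KV_RE.match(line)
        if kv and current is not None and depth == 0 and "{" not in line:
            sections[current][kv.group(1)] = kv.group(2)
    return sections

def v4_compat_enabled(sections):
    """True unless [kdcdefaults] sets v4_mode to 'none', the value the advisory
    names; a missing key counts as enabled because that is the RHEL 4 default."""
    return sections.get("kdcdefaults", {}).get("v4_mode", "").strip().lower() != "none"

def harden_kdc_conf(text):
    """Put 'v4_mode = none' in [kdcdefaults], replacing any old value; add the section if absent."""
    out, current, done = [], None, False
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            out.append(line)
            if current == "kdcdefaults" and not done:
                out.append(" v4_mode = none")
                done = True
            continue
        kv = KV_RE.match(line)
        if current == "kdcdefaults" and kv and kv.group(1) == "v4_mode":
            continue  # old value dropped; the replacement was emitted above
        out.append(line)
    if not done:
        out = ["[kdcdefaults]", " v4_mode = none", ""] + out
    return "\n".join(out) + "\n"
```

Restart krb5kdc after rewriting the file; the change only takes effect for a freshly started daemon, and it does not substitute for installing the updated packages.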

Red Hat would like to thank MIT for reporting these issues.

All krb5 users are advised to update to these erratum packages which
contain backported fixes to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
krb5-1.3.4-49.el4_5.1.src.rpm     MD5: beafa361676085e75d1ddd8322b54adc
 
IA-32:
krb5-devel-1.3.4-49.el4_5.1.i386.rpm     MD5: 0f3e2da6fe022ac4a2445e9319690dda
krb5-libs-1.3.4-49.el4_5.1.i386.rpm     MD5: f36311ed9d2208d701411cfafa4e99e4
krb5-server-1.3.4-49.el4_5.1.i386.rpm     MD5: 766fcab6312078b264747e44fc6018e9
krb5-workstation-1.3.4-49.el4_5.1.i386.rpm     MD5: 93c6c47ce4764988444bc59c407358cd
 
IA-64:
krb5-devel-1.3.4-49.el4_5.1.ia64.rpm     MD5: 2bf157eab29506efc99b0f702c416674
krb5-libs-1.3.4-49.el4_5.1.i386.rpm     MD5: f36311ed9d2208d701411cfafa4e99e4
krb5-libs-1.3.4-49.el4_5.1.ia64.rpm     MD5: 5af94cbf190a903001ea8e2bbfb69323
krb5-server-1.3.4-49.el4_5.1.ia64.rpm     MD5: 889ce310db770e6d416e9a1dad11411b
krb5-workstation-1.3.4-49.el4_5.1.ia64.rpm     MD5: e42b5b6f5fb46482ac5c5b051fa1a2ce
 
PPC:
krb5-devel-1.3.4-49.el4_5.1.ppc.rpm     MD5: 34a528a0775b8c54394ad74e89f0d1f3
krb5-libs-1.3.4-49.el4_5.1.ppc.rpm     MD5: b1e178cb1d2157cae4cb567648beb5c2
krb5-libs-1.3.4-49.el4_5.1.ppc64.rpm     MD5: 90ee9710dba8f1b83379c35dd608d8d1
krb5-server-1.3.4-49.el4_5.1.ppc.rpm     MD5: b1a2e8446d5fc33ca9bd6647bc470c7d
krb5-workstation-1.3.4-49.el4_5.1.ppc.rpm     MD5: 375ee28040c510e92ca5352ea39fcb99
 
s390:
krb5-devel-1.3.4-49.el4_5.1.s390.rpm     MD5: 62ee45ed91c87ab1f8eeb51ff3d3d960
krb5-libs-1.3.4-49.el4_5.1.s390.rpm     MD5: fa818703cbe0d908aa001b25df4eebe7
krb5-server-1.3.4-49.el4_5.1.s390.rpm     MD5: 024423bdee192dfe5177e431ea346155
krb5-workstation-1.3.4-49.el4_5.1.s390.rpm     MD5: 3d720d56360b73c84e1b222d92cf034c
 
s390x:
krb5-devel-1.3.4-49.el4_5.1.s390x.rpm     MD5: 5c40d376d0bae05df44f1d9a2cb3e6fd
krb5-libs-1.3.4-49.el4_5.1.s390.rpm     MD5: fa818703cbe0d908aa001b25df4eebe7
krb5-libs-1.3.4-49.el4_5.1.s390x.rpm     MD5: 941ad9602c60bdf8879a3e7c173b36de
krb5-server-1.3.4-49.el4_5.1.s390x.rpm     MD5: 9945f7a4c967e7921394f4296c23dfbe
krb5-workstation-1.3.4-49.el4_5.1.s390x.rpm     MD5: 7abbb3620610856fb88017e7ca8fd96c
 
x86_64:
krb5-devel-1.3.4-49.el4_5.1.x86_64.rpm     MD5: 9b1de69152639facbe2c1b4360e67bfb
krb5-libs-1.3.4-49.el4_5.1.i386.rpm     MD5: f36311ed9d2208d701411cfafa4e99e4
krb5-libs-1.3.4-49.el4_5.1.x86_64.rpm     MD5: cbb86646fbce0748e97ec75ab4ad2781
krb5-server-1.3.4-49.el4_5.1.x86_64.rpm     MD5: 1e45d8593684a641255a57fb41f4086e
krb5-workstation-1.3.4-49.el4_5.1.x86_64.rpm     MD5: 9ecff3ac4e609945be4b66680693ec18
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
krb5-1.3.4-49.el4_5.1.src.rpm     MD5: beafa361676085e75d1ddd8322b54adc
 
IA-32:
krb5-devel-1.3.4-49.el4_5.1.i386.rpm     MD5: 0f3e2da6fe022ac4a2445e9319690dda
krb5-libs-1.3.4-49.el4_5.1.i386.rpm     MD5: f36311ed9d2208d701411cfafa4e99e4
krb5-server-1.3.4-49.el4_5.1.i386.rpm     MD5: 766fcab6312078b264747e44fc6018e9
krb5-workstation-1.3.4-49.el4_5.1.i386.rpm     MD5: 93c6c47ce4764988444bc59c407358cd
 
IA-64:
krb5-devel-1.3.4-49.el4_5.1.ia64.rpm     MD5: 2bf157eab29506efc99b0f702c416674
krb5-libs-1.3.4-49.el4_5.1.i386.rpm     MD5: f36311ed9d2208d701411cfafa4e99e4
krb5-libs-1.3.4-49.el4_5.1.ia64.rpm     MD5: 5af94cbf190a903001ea8e2bbfb69323
krb5-server-1.3.4-49.el4_5.1.ia64.rpm     MD5: 889ce310db770e6d416e9a1dad11411b
krb5-workstation-1.3.4-49.el4_5.1.ia64.rpm     MD5: e42b5b6f5fb46482ac5c5b051fa1a2ce
 
x86_64:
krb5-devel-1.3.4-49.el4_5.1.x86_64.rpm     MD5: 9b1de69152639facbe2c1b4360e67bfb
krb5-libs-1.3.4-49.el4_5.1.i386.rpm     MD5: f36311ed9d2208d701411cfafa4e99e4
krb5-libs-1.3.4-49.el4_5.1.x86_64.rpm     MD5: cbb86646fbce0748e97ec75ab4ad2781
krb5-server-1.3.4-49.el4_5.1.x86_64.rpm     MD5: 1e45d8593684a641255a57fb41f4086e
krb5-workstation-1.3.4-49.el4_5.1.x86_64.rpm     MD5: 9ecff3ac4e609945be4b66680693ec18
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

432620 - CVE-2008-0062 krb5: uninitialized pointer use in krb5kdc
432621 - CVE-2008-0063 krb5: possible leak of sensitive data from krb5kdc using krb4 request

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/