
Security Advisory Important: krb5-appl security update

Advisory: RHSA-2011:0920-1
Type: Security Advisory
Severity: Important
Issued on: 2011-07-05
Last updated on: 2011-07-05
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-1526

Details

Updated krb5-appl packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and
rlogin clients and servers. While these have been replaced by tools such as
OpenSSH in most environments, they remain in use in others.

It was found that gssftp, a Kerberos-aware FTP server, did not properly
drop privileges. A remote FTP user could use this flaw to gain unauthorized
read or write access to files that are owned by the root group.
(CVE-2011-1526)
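
The class of flaw described above, shown as an added illustration (this is not code from krb5-appl, MIT Kerberos, or the backported patch): a C routine that drops both user and group privileges and fails closed unless the kernel reports that every identity changed. The struct creds type, the function names, the drop to a single group, and UID/GID 500 are assumptions made for the example; a real server would normally install the user's own group list with initgroups() and verify against that.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* setgroups() on glibc */
#endif
#include <grp.h>
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Credential snapshot (hypothetical helper type, not from krb5-appl). */
struct creds {
    uid_t ruid, euid;
    gid_t rgid, egid;
    const gid_t *groups; /* supplementary groups */
    size_t ngroups;
};

/* True only if every user and group identity equals the target. Changing
 * the UID while egid or a supplementary group stays 0 still leaves files
 * reachable through their root-group permission bits. */
bool creds_fully_dropped(const struct creds *c, uid_t uid, gid_t gid)
{
    if (c->ruid != uid || c->euid != uid) return false;
    if (c->rgid != gid || c->egid != gid) return false;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] != gid) return false;
    return true;
}

/* Permanently drop from root to uid/gid: groups first, while still
 * privileged; check every return value; then re-read the state from the
 * kernel. Returns 0 on success, -1 on failure (caller must not serve). */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t now[64];
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    int n = getgroups(64, now);
    if (n < 0) return -1;
    struct creds c = { getuid(), geteuid(), getgid(), getegid(), now, (size_t)n };
    return creds_fully_dropped(&c, uid, gid) ? 0 : -1;
}

int main(void)
{
    gid_t g[] = { 500 }; /* constructed: UID dropped, egid still 0 */
    struct creds leaky = { 500, 500, 500, 0, g, 1 };
    return creds_fully_dropped(&leaky, 500, 500) ? 1 : 0;
}
```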

Red Hat would like to thank the MIT Kerberos project for reporting this
issue. Upstream acknowledges Tim Zingelman as the original reporter.

All krb5-appl users should upgrade to these updated packages, which contain
a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
krb5-appl-1.0.1-2.el6_1.1.src.rpm
File outdated by:  RHBA-2012:0550
 
IA-32:
krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-debuginfo-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
 
x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
krb5-appl-1.0.1-2.el6_1.1.src.rpm
File outdated by:  RHBA-2012:0550
 
x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
krb5-appl-1.0.1-2.el6_1.1.src.rpm
File outdated by:  RHBA-2012:0550
 
IA-32:
krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-debuginfo-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
 
PPC:
krb5-appl-clients-1.0.1-2.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-debuginfo-1.0.1-2.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2012:0550
 
s390x:
krb5-appl-clients-1.0.1-2.el6_1.1.s390x.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-debuginfo-1.0.1-2.el6_1.1.s390x.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.s390x.rpm
File outdated by:  RHBA-2012:0550
 
x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
krb5-appl-1.0.1-2.el6_1.1.src.rpm
File outdated by:  RHBA-2012:0550
 
IA-32:
krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHSA-2011:1854
krb5-appl-debuginfo-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHSA-2011:1854
krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHSA-2011:1854
 
PPC:
krb5-appl-clients-1.0.1-2.el6_1.1.ppc64.rpm
File outdated by:  RHSA-2011:1854
krb5-appl-debuginfo-1.0.1-2.el6_1.1.ppc64.rpm
File outdated by:  RHSA-2011:1854
krb5-appl-servers-1.0.1-2.el6_1.1.ppc64.rpm
File outdated by:  RHSA-2011:1854
 
s390x:
krb5-appl-clients-1.0.1-2.el6_1.1.s390x.rpm
File outdated by:  RHSA-2011:1854
krb5-appl-debuginfo-1.0.1-2.el6_1.1.s390x.rpm
File outdated by:  RHSA-2011:1854
krb5-appl-servers-1.0.1-2.el6_1.1.s390x.rpm
File outdated by:  RHSA-2011:1854
 
x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2011:1854
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2011:1854
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHSA-2011:1854
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
krb5-appl-1.0.1-2.el6_1.1.src.rpm
File outdated by:  RHBA-2012:0550
 
IA-32:
krb5-appl-clients-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-debuginfo-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.i686.rpm
File outdated by:  RHBA-2012:0550
 
x86_64:
krb5-appl-clients-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-debuginfo-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
krb5-appl-servers-1.0.1-2.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2012:0550
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

711419 - CVE-2011-1526 krb5, krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/