Skip to navigation

Security Advisory Critical: krb5-appl security update

Advisory: RHSA-2011:1854-1
Type: Security Advisory
Severity: Critical
Issued on: 2011-12-28
Last updated on: 2011-12-28
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
CVEs (cve.mitre.org): CVE-2011-4862

Details

Updated krb5-appl packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.0 and 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and
rlogin clients and servers. Kerberos is a network authentication system
which allows clients and servers to authenticate to each other using
symmetric encryption and a trusted third-party, the Key Distribution Center
(KDC).

A buffer overflow flaw was found in the MIT krb5 telnet daemon (telnetd).
A remote attacker who can access the telnet port of a target machine could
use this flaw to execute arbitrary code as root. (CVE-2011-4862)

Note that the krb5 telnet daemon is not enabled by default in any version
of Red Hat Enterprise Linux. In addition, the default firewall rules block
remote access to the telnet port. This flaw does not affect the telnet
daemon distributed in the telnet-server package.

For users who have installed the krb5-appl-servers package, have enabled
the krb5 telnet daemon, and have it accessible remotely, this update should
be applied immediately.

All krb5-appl-server users should upgrade to these updated packages, which
contain a backported patch to correct this issue.


Solution

The krb5 telnet daemon is an xinetd service. You can determine if krb5
telnetd is enabled with the commands:

/sbin/chkconfig --list krb5-telnet
/sbin/chkconfig --list ekrb5-telnet

The output of these command will display "on" if krb5 telnet is enabled.
krb5 telnet daemon can be immediately disabled with the commands:

/sbin/chkconfig krb5-telnet off
/sbin/chkconfig ekrb5-telnet off

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.0.z)

IA-32:
krb5-appl-clients-1.0.1-1.el6_0.1.i686.rpm     MD5: eb9afc2159e4dd1d4ace231ddee5af17
SHA-256: 488189394f71fb88d3941353e4c48e74a03f54ba8241695b5d8bfc6ac7fb12d8
krb5-appl-debuginfo-1.0.1-1.el6_0.1.i686.rpm     MD5: f2edca03e893a53db75b901590d1144f
SHA-256: 47c7677fdb7e7bd0dd0d94d15200996d3175c97481ba0ce8893882c1c2b092b6
krb5-appl-servers-1.0.1-1.el6_0.1.i686.rpm     MD5: 914f14e14c6131922e04ad23b0083710
SHA-256: 24c5affc52f9d0899c47ef77ca5056b3551cf8937d69c239d3ef4a26c16d324e
 
PPC:
krb5-appl-clients-1.0.1-1.el6_0.1.ppc64.rpm     MD5: 7a3ede1739c130fc78b7a67ca71dacb2
SHA-256: a0fd6af761d2f51175922aa7d1b195f086c4ca9b6131eae250e591e4e640559b
krb5-appl-debuginfo-1.0.1-1.el6_0.1.ppc64.rpm     MD5: 31d5f7e0c50b342340a385cddc5d1a03
SHA-256: 201d052beffdb507cb0a1e597884702ccb568ddccfa168e33aabd054b90bd10d
krb5-appl-servers-1.0.1-1.el6_0.1.ppc64.rpm     MD5: 30b1d4ad1a0e4f04c5c84ced2f7eba5a
SHA-256: baf93cd1c9f075cd8d59ac2129318b3a27643f21728488151b2d695d3e60a601
 
s390x:
krb5-appl-clients-1.0.1-1.el6_0.1.s390x.rpm     MD5: 9f712b9fbf434dd0c585e96eeccd9b94
SHA-256: c9e80baefd312178e45e88d4522dc5d8a5d47d1f7928fac515415b8f61f6952e
krb5-appl-debuginfo-1.0.1-1.el6_0.1.s390x.rpm     MD5: 467d1242cb82f2e14afb03a3e5421e0d
SHA-256: c6cb84e91cdc7e4f49eefeca91cd980f59d0d2d0e6831afdb317bb12c150b4ec
krb5-appl-servers-1.0.1-1.el6_0.1.s390x.rpm     MD5: 48d4b726e41d077aed5b1b2db2125e5f
SHA-256: 5629380bd013b8d4b6385b0cb190a8f70ece8730b5b0b977f6e530cdf96ba543
 
x86_64:
krb5-appl-clients-1.0.1-1.el6_0.1.x86_64.rpm     MD5: b156a9163dfec915aca20c032c2aab17
SHA-256: cbd5a330b4219f464e0032436efe881d764c35e12b5431f4ec83952cfd6ef5ae
krb5-appl-debuginfo-1.0.1-1.el6_0.1.x86_64.rpm     MD5: e1a433af3db4ecd89bf8f8b53f6a1802
SHA-256: b2f099d5608b92ede67f3be78efa83459dbebd26dc0175af66323067478aa4ae
krb5-appl-servers-1.0.1-1.el6_0.1.x86_64.rpm     MD5: 3bb86ab79bfa9e01c09bd305a095d038
SHA-256: 2619f0aee987acdfebefd1dd2462b5b2e5114ade0ad4f21bdb80838eaf031903
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

IA-32:
krb5-appl-clients-1.0.1-2.el6_1.3.i686.rpm     MD5: dff2066fe8b2c6c919c380fa91e8c93a
SHA-256: f194fb6ec311ed07806a7f5cddfd913d638bfcea629362376344e7fc53284b00
krb5-appl-debuginfo-1.0.1-2.el6_1.3.i686.rpm     MD5: 8f8b258467dca52b3ae4b4d553617fda
SHA-256: 88d4e8ff713ef00828f2512dadcf245e7645f58aca4c02dd739131ee04cad4fc
krb5-appl-servers-1.0.1-2.el6_1.3.i686.rpm     MD5: 5a78ac8ddeeb88833096396dcd10bbb3
SHA-256: f1d33134f04200243d100f152eb9f9674a636957f5b153fe758faf57a396a5c4
 
PPC:
krb5-appl-clients-1.0.1-2.el6_1.3.ppc64.rpm     MD5: 01b7477b83a355026574e76b8a275710
SHA-256: 937777bf356a069ed228221ae0833a7c112a33709d549fcaa5b0ec6cb43b4b5c
krb5-appl-debuginfo-1.0.1-2.el6_1.3.ppc64.rpm     MD5: 55d94f204d351659164b2da43aacc2cb
SHA-256: 7207301b976c3bebe672c1af3ea806d3293cf3c5bd828bbf43f0b7439cf3516a
krb5-appl-servers-1.0.1-2.el6_1.3.ppc64.rpm     MD5: 1c9e1eb4dddcf1582019ddbf2a6a4686
SHA-256: f06203198b6af168a0e18d38a7d3f35c70a137219560cf2b63fe84b477483e50
 
s390x:
krb5-appl-clients-1.0.1-2.el6_1.3.s390x.rpm     MD5: 26af788d164b16d4807267376aa6d1c1
SHA-256: 16105b00f50eda15f287c364fad13f325b7182fe5e7001b71f380fe3dc1db901
krb5-appl-debuginfo-1.0.1-2.el6_1.3.s390x.rpm     MD5: a46c8efd2f595fd4796a8eaf874622a6
SHA-256: 34ce77855d5c9666e6294b8cec6ef4f7a0cf8fda998f7faf043db04136bd3452
krb5-appl-servers-1.0.1-2.el6_1.3.s390x.rpm     MD5: 6073e6a8d2dd2aef58c2f99a7147605b
SHA-256: 6360b508546db5da85eaf3d92baa80c1015042649ab8abea9caf59707417fa94
 
x86_64:
krb5-appl-clients-1.0.1-2.el6_1.3.x86_64.rpm     MD5: 56d62f2030ac17279907540c0cd7b067
SHA-256: 2ffcaf2291463005d3ac66ae083715769a7af7a8309e4ef56261fc54fca90310
krb5-appl-debuginfo-1.0.1-2.el6_1.3.x86_64.rpm     MD5: 0a69796ccf80c184200712ca8d446723
SHA-256: 30d9145167e07b916da169c2edfa09265ec527a03d707e53e3745da0cdbdcafc
krb5-appl-servers-1.0.1-2.el6_1.3.x86_64.rpm     MD5: f1ca86bc324d1074692fd183382318a0
SHA-256: 00946b89f9d217fe57b2295adb5843294a38125fbb7718ed75a5e59e5432ff15
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

770325 - CVE-2011-4862 krb5: remote buffer overflow in kerberized telnet daemon


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/