Bugtraqmailing list archives

By Date

By Thread

[USN-58-1] MIT Kerberos server vulnerability

===========================================================Ubuntu Security Notice USN-58-1            January 10, 2005krb5 vulnerabilityCAN-2004-1189===========================================================A security issue affects the following Ubuntu releases:Ubuntu 4.10 (Warty Warthog)The following packages are affected:krb5-admin-serverkrb5-kdclibkadm55libkrb53The problem can be corrected by upgrading the affected package toversion 1.3.4-3ubuntu0.1.  In general, a standard system upgrade issufficient to effect the necessary changes.Details follow:Michael Tautschnig discovered a possible buffer overflow in theadd_to_history() function in the MIT Kerberos 5 implementation.Performing a password change did not properly track the passwordpolicy's history count and the maximum number of keys. This couldcause an array overflow and may have allowed authenticated users (notnecessarily one with administrative privileges) to execute arbitrarycode on the KDC host, compromising an entire Kerberos realm.  Source archives:http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4-3ubuntu0.1.diff.gz      Size/MD5:   660788 a3e773e901a67368f8dd322a903f7f81http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4-3ubuntu0.1.dsc      Size/MD5:      788 e9baf1ebfa972d585f829d7e64465beahttp://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4.orig.tar.gz      Size/MD5:  6361011 23ddf1655f7f180835cf34d104088473  Architecture independent packages:http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.3.4-3ubuntu0.1_all.deb      Size/MD5:   716542 5b8265007cf5f2176955aacfe3eb45eb  amd64 architecture (Athlon64, Opteron, EM64T Xeon)http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:   103764 7f4720f5b36e50c49f30bc99917dc31ahttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:   215204 30b4d7e2a133cce888127798b843566ahttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:    55802 92a9097d2c5fc574d644dd062a2a2d0chttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:   123580 977b0f8def9a58ab022a2e8321f5d29dhttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:    81578 58fa9d55d6316f1540d642696509e04bhttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:    62318 ae6908459976878856a666950f2c956dhttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:   135856 0012a1ff533388ec7a6a4082f9eaa23ahttp://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:   176484 e26c41328f72a6b4ff3f9dfd16819429http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:   651556 c41b666bd8ba980bb5240c8de4a22a42http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_amd64.deb      Size/MD5:   367872 7c2ddc51d5fb971540aa2ddb74e136d0  i386 architecture (x86 compatible Intel/AMD)http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:    92828 40b738af512065868c3bd38a86652ee0http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:   186464 a2da914f916c3bf6b53d1c417e74b5cfhttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:    50728 c53fab7706867bfd2e2defaaca0e8abahttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:   113756 2e6293b7d8788ca1e6584eeb371d4746http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:    73758 d2b3b94e05e43169379c0d6a742d15e2http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:    55284 8d279d10b1238c64e8e788e163d10697http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:   125264 0e37aeb9bf575e214e526148f6021abdhttp://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:   160580 b735959ba91dad37fd12dd89faf798dehttp://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:   559754 cccfdccc55db99dce5d79583060ec1a7http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_i386.deb      Size/MD5:   339586 9c4e8bb211b3b463d2293a7e5acebac9  powerpc architecture (Apple Macintosh G3/G4/G5)http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:   103998 72a3841148e8736286547e3b34b0d42dhttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:   214930 137626b6516e100a313612b79f28a2f4http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:    55814 592491f4a84ce02651ec9489d2f64c4ehttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:   124368 d68fe5a0c785baa01d2d7e7b6f14477fhttp://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:    81392 2c43228e3b6d42fcdd214a516e9a4329http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:    60498 d2604219b83e84bea7ee2460a626fb59http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:   141916 fa44026deba1951732f3748381d0f842http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:   164366 b71f6b535f950994b907f39e8685ee57http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:   633862 bc094b01dfd0b507e157c870b6fa94a8http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_powerpc.deb      Size/MD5:   351532 6fdb209e66b2935696a43f60efad7934

Attachment:signature.asc
Description: Digital signature

By Date

By Thread

Current thread:

• [USN-58-1] MIT Kerberos server vulnerabilityMartin Pitt (Jan 11)