__________________________________________________________
	
						   The U.S. Department of Energy
					   Computer Incident Advisory Capability
							   ___  __ __    _     ___
							  /       |     /_\   /
							  \___  __|__  /   \  \___
				 __________________________________________________________
	
								 INFORMATION BULLETIN
	
								  krb5 Security Update
							   [Red Hat RHSA-2007:0095-4]
	
	April 4, 2007 14:00 GMT                                           Number R-193
	[REVISED 4 Apr 2007]
	[REVISED 19 Apr 2007]
	[REVISED 23 May 2007]
	[REVISED 30 May 2007]
	[REVISED 31 Jul 2007]
	______________________________________________________________________________
	PROBLEM:       A flaw was found in the username handling of the MIT krb5 
				   telnet daemon (telnetd). 
	PLATFORM:      RHEL Desktop Workstation (v. 5 client) 
				   Red Hat Desktop (v. 3, v. 4) 
				   Red Hat Enterprise Linux (v. 5 server) 
				   Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, v. 4) 
				   Red Hat Enterprise Linux Desktop (v. 5 client) 
				   Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 
				   MIT krb5
				   Sun Enterprise Authentication Mechanism 1.0
				   Debian GNU/Linux 3.1 alias sarge
				   HP-UX B.11.11, B.11.23, and B.11.31 running the Kerberos Client 
                     software versions 1.3.5.05 and previous
				   Solaris 8, 9, 10 Operating Systems
				   SGI Advanced Linux Environment 3 ProPack 3
	DAMAGE:        A remote attacker can log in as root without requiring a 
				   password. 
	SOLUTION:      Upgrade to the appropriate version. 
	______________________________________________________________________________
	VULNERABILITY  The risk is MEDIUM. A remote attacker who can access the telnet 
	ASSESSMENT:    port of a target machine could log in as root without requiring 
				   a password. 
	______________________________________________________________________________
	LINKS: 
	 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-193.shtml 
	 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0095.html 
	 ADDITIONAL LINKS:   MIT krb5 Security Advisory 2007-001
						 http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
						 MIT krb5 Security Advisory 2007-002
						 http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
						 MIT krb5 Security Advisory 2007-003
						 http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-003.txt
						 Sun Alert ID: 102867
						 http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102867-1
						 Debian Security Advisory DSA-1276-1
     					 http://www.debian.org/security/2007/dsa-1276
						 Visit Hewlett-Packard's Subscription Service for:
     					 HPSBUX02217 SSRT071337 rev. 1
						 Sun Alert ID: 102930
     					 http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
						 SGI Security Advisory 20070401-01-P Security Update #73
						 http://www.sgi.com/support/security/advisories.html
	 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= 
						 CVE-2007-0956 CVE-2007-0957 CVE-2007-1216 
	______________________________________________________________________________
    REVISION HISTORY:
	04/04/2007 - revised R-193 to add links to the following Security Bulletins:
                 MIT krb5 Security Advisory 2007-001; 2007-002; 2007-003; and
                 Sun Alert ID: 102867.
	04/19/2007 - revised R-193 to add links to Debian Security Advisory DSA-1276-1
                 for Debian GNU/Linux 3.1 alias sarge.
    05/23/2007 - revised R-193 to add a link to Hewlett-Packard's HPSBUX02217
                 SSRT071337 rev. 1 for HP-UX B.11.11, B.11.23, and B.11.31 running 
				 the Kerberos Client software versions 1.3.5.05 and previous.
    05/30/2007 - revised R-193 to add a link to Sun Alert ID: 102930 for Solaris 8,
                 9, 10 Operating Systems.
	07/31/2007 - revised R-193 to add a link to SGI Security Advisory 20070401-01-P
                 for SGI Advanced Linux Environment 3 ProPack 3. 
				 


	[***** Start Red Hat RHSA-2007:0095-4 *****]
	
	Critical: krb5 security update
	Advisory: RHSA-2007:0095-4 
	Type: Security Advisory 
	Severity: Critical 
	Issued on: 2007-04-03 
	Last updated on: 2007-04-03 
	Affected Products: RHEL Desktop Workstation (v. 5 client)
	Red Hat Desktop (v. 3)
	Red Hat Desktop (v. 4)
	Red Hat Enterprise Linux (v. 5 server)
	Red Hat Enterprise Linux AS (v. 2.1)
	Red Hat Enterprise Linux AS (v. 3)
	Red Hat Enterprise Linux AS (v. 4)
	Red Hat Enterprise Linux Desktop (v. 5 client)
	Red Hat Enterprise Linux ES (v. 2.1)
	Red Hat Enterprise Linux ES (v. 3)
	Red Hat Enterprise Linux ES (v. 4)
	Red Hat Enterprise Linux WS (v. 2.1)
	Red Hat Enterprise Linux WS (v. 3)
	Red Hat Enterprise Linux WS (v. 4)
	Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 
	OVAL: com.redhat.rhsa-20070095.xml 
	CVEs (cve.mitre.org): CVE-2007-0956
	CVE-2007-0957
	CVE-2007-1216
	 
	
	
	Details
	Updated krb5 packages that fix a number of issues are now available. 
	
	This update has been rated as having critical security impact by the Red 
	Hat Security Response Team.
	
	Kerberos is a network authentication system which allows clients and 
	servers to authenticate to each other through use of symmetric encryption 
	and a trusted third party, the KDC. 
	
	A flaw was found in the username handling of the MIT krb5 telnet daemon 
	(telnetd). A remote attacker who can access the telnet port of a target 
	machine could log in as root without requiring a password. (CVE-2007-0956) 
	
	Note that the krb5 telnet daemon is not enabled by default in any version 
	of Red Hat Enterprise Linux. In addition, the default firewall rules block 
	remote access to the telnet port. This flaw does not affect the telnet 
	daemon distributed in the telnet-server package. 
	
	For users who have enabled the krb5 telnet daemon and have it accessible 
	remotely, this update should be applied immediately. 
	
	Whilst we are not aware at this time that the flaw is being actively 
	exploited, we have confirmed that the flaw is very easily exploitable. 
	
	This update also fixes two additional security issues: 
	
	Buffer overflows were found which affect the Kerberos KDC and the kadmin 
	server daemon. A remote attacker who can access the KDC could exploit this 
	bug to run arbitrary code with the privileges of the KDC or kadmin server 
	processes. (CVE-2007-0957) 
	
	A double-free flaw was found in the GSSAPI library used by the kadmin 
	server daemon. Red Hat Enterprise Linux 4 and 5 contain checks within 
	glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux 
	4 and 5 successful exploitation of this issue can only lead to a denial of 
	service. Applications which use this library in earlier releases of Red 
	Hat Enterprise Linux may also be affected. (CVE-2007-1216) 
	
	All users are advised to update to these erratum packages which contain a 
	backported fix to correct these issues. 
	
	Red Hat would like to thank MIT and iDefense for reporting these 
	vulnerabilities.
	
	
	
	Solution
	The krb5 telnet daemon is an xinetd service. You can determine if krb5 
	telnetd is enabled with the command: 
	
	/sbin/chkconfig --list krb5-telnet 
	
	The output of this command will be "krb5-telnet on" if krb5 telnet is 
	enabled. The krb5 telnet daemon can be immediately disabled with the command: 
	
	/sbin/chkconfig krb5-telnet off 
	
	Before applying this update, make sure that all previously-released 
	errata relevant to your system have been applied. 
	
	This update is available via Red Hat Network. Details on how to use 
	the Red Hat Network to apply this update are available at 
	http://kbase.redhat.com/faq/FAQ_58_10188
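
	The check above, combined with the fixed builds named in the "Updated packages" list below, as an added example that is not part of the Red Hat or CIAC text. Function names and sample inputs are constructed; the version comparison is a simplified numeric one, not rpm's own algorithm.

```shell
#!/bin/sh
# Added example: triage one RHEL host against RHSA-2007:0095.
# Fixed krb5 builds come from the advisory's "Updated packages" list.

# Print the fixed krb5 version-release for a RHEL release.
fixed_build() {
    case "$1" in
        2.1) echo "1.2.2-44" ;;
        3)   echo "1.2.7-61" ;;
        4)   echo "1.3.4-46" ;;
        5)   echo "1.5-23" ;;
        *)   return 1 ;;
    esac
}

# Succeed if the chkconfig output in $1 reports krb5-telnet as "on".
# Also accepts the "name:" form used in a full "chkconfig --list" (assumption).
telnetd_enabled() {
    printf '%s\n' "$1" | awk '
        { name = $1; sub(/:$/, "", name) }
        name == "krb5-telnet" && $2 == "on" { found = 1 }
        END { exit !found }'
}

# Compare two dotted numeric strings; print -1, 0 or 1.
dotted_cmp() {
    awk -v a="$1" -v b="$2" '
        BEGIN {
            n = split(a, x, "."); m = split(b, y, ".")
            max = (n > m) ? n : m
            for (i = 1; i <= max; i++) {
                if (x[i] + 0 < y[i] + 0) { print -1; exit }
                if (x[i] + 0 > y[i] + 0) { print 1; exit }
            }
            print 0
        }'
}

# Print "patched" if installed version-release ($1) is at or above the
# fixed one ($2), else "vulnerable". Version is compared first, then release.
krb5_state() {
    c=$(dotted_cmp "${1%-*}" "${2%-*}")
    if [ "$c" = 0 ]; then
        c=$(dotted_cmp "${1##*-}" "${2##*-}")
    fi
    if [ "$c" = -1 ]; then echo vulnerable; else echo patched; fi
}

# One verdict per host.
#   $1 RHEL release, $2 installed krb5 version-release, $3 chkconfig output
triage() {
    fixed=$(fixed_build "$1") || { echo "unknown-release"; return 0; }
    state=$(krb5_state "$2" "$fixed")
    if [ "$state" = patched ]; then
        echo "ok"
    elif telnetd_enabled "$3"; then
        # CVE-2007-0956 is reachable: turn the service off, then update.
        echo "disable-telnetd-and-update"
    else
        # telnetd is off, but the KDC/kadmin fixes are still missing.
        echo "update"
    fi
}

# Constructed sample inputs. On a real host, feed in the output of:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' krb5-libs
#   /sbin/chkconfig --list krb5-telnet
triage 4 "1.3.4-33" "krb5-telnet    on"
triage 4 "1.3.4-46" "krb5-telnet    on"
triage 5 "1.5-17"   "krb5-telnet    off"
```
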
	
	
	Updated packages
	RHEL Desktop Workstation (v. 5 client) 
	
	--------------------------------------------------------------------------------
	 
	IA-32: 
	krb5-devel-1.5-23.i386.rpm     24f6ae2b75a877224f342de1aeec4023 
	krb5-server-1.5-23.i386.rpm     09a65148e9528c0f1f1ee2ae7d6f3574 
	  
	x86_64: 
	krb5-devel-1.5-23.i386.rpm     24f6ae2b75a877224f342de1aeec4023 
	krb5-devel-1.5-23.x86_64.rpm     954d03b3a0954834768f7564e0e7e741 
	krb5-server-1.5-23.x86_64.rpm     b50e4fe195e2f236b45f7b22da01b8af 
	  
	Red Hat Desktop (v. 3) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.2.7-61.src.rpm     241aa2f84b51636920795b1d34897082 
	  
	IA-32: 
	krb5-devel-1.2.7-61.i386.rpm     eaa32e453e972bf98827197c22bdb360 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-server-1.2.7-61.i386.rpm     5c0cdb59311fc4f27f0a14d095b587dd 
	krb5-workstation-1.2.7-61.i386.rpm     3ec0506072852c72d0014f0689ab1767 
	  
	x86_64: 
	krb5-devel-1.2.7-61.x86_64.rpm     972fc297c47083dfaefaf1a8ea9ccab5 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-libs-1.2.7-61.x86_64.rpm     9542fea7dbd067e1975bc5366d736d91 
	krb5-server-1.2.7-61.x86_64.rpm     137c91d6c1a6ca8aa05fefac6bc36513 
	krb5-workstation-1.2.7-61.x86_64.rpm     4aa5731d9c0be30795581d104855c6c3 
	  
	Red Hat Desktop (v. 4) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.3.4-46.src.rpm     8ac2bf4e79c44334eccf011036807ba5 
	  
	IA-32: 
	krb5-devel-1.3.4-46.i386.rpm     b567711dbaccedf883dbaacd01285388 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-server-1.3.4-46.i386.rpm     7a1e837828d09f1acc11a713f63aea39 
	krb5-workstation-1.3.4-46.i386.rpm     b32d2aeec3195125c9257b0e48737614 
	  
	x86_64: 
	krb5-devel-1.3.4-46.x86_64.rpm     cfc02be36863f29841df446afdb8e7db 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-libs-1.3.4-46.x86_64.rpm     6703713f9a765367b16a925a3fd9c355 
	krb5-server-1.3.4-46.x86_64.rpm     29b872e3c0f0d6b2b74991411a5cca06 
	krb5-workstation-1.3.4-46.x86_64.rpm     7691da20ab235883310409a2c49397a7 
	  
	Red Hat Enterprise Linux (v. 5 server) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.5-23.src.rpm     19a3771be564d508b43e9d21ec28021f 
	  
	IA-32: 
	krb5-devel-1.5-23.i386.rpm     24f6ae2b75a877224f342de1aeec4023 
	krb5-libs-1.5-23.i386.rpm     e996a6afe95019d0bcd41e6d3950bd92 
	krb5-server-1.5-23.i386.rpm     09a65148e9528c0f1f1ee2ae7d6f3574 
	krb5-workstation-1.5-23.i386.rpm     512ce44bca20f6f205f624131d9962da 
	  
	IA-64: 
	krb5-devel-1.5-23.ia64.rpm     720833e90ed739dead106c84ae1d02b6 
	krb5-libs-1.5-23.i386.rpm     e996a6afe95019d0bcd41e6d3950bd92 
	krb5-libs-1.5-23.ia64.rpm     17578cac6d56991601349056a365cd69 
	krb5-server-1.5-23.ia64.rpm     9cb4df8461213cab353a79c7b9c785d4 
	krb5-workstation-1.5-23.ia64.rpm     46d09ec65f19ff797c891d7393077639 
	  
	PPC: 
	krb5-devel-1.5-23.ppc.rpm     5893dd512388b98b08a27731aa5b0db0 
	krb5-devel-1.5-23.ppc64.rpm     2d84c188dbb9891bee4193ce0b630170 
	krb5-libs-1.5-23.ppc.rpm     8f61b1442a98cdb0b7f2c33c6f9c845a 
	krb5-libs-1.5-23.ppc64.rpm     28202a13540f51df7271b4906aeffee3 
	krb5-server-1.5-23.ppc.rpm     142642e400df7bc04dd2bb5dcc9104c0 
	krb5-workstation-1.5-23.ppc.rpm     f80012b463a41caa664ccd4889d6fe95 
	  
	s390x: 
	krb5-devel-1.5-23.s390.rpm     abeac98b7058da644ab3313c95260fc8 
	krb5-devel-1.5-23.s390x.rpm     43d6a06420b97743ab4a3c2e90bf04ab 
	krb5-libs-1.5-23.s390.rpm     ea2483cae9d3e51eb64ac0d666f5c9ad 
	krb5-libs-1.5-23.s390x.rpm     4265bdd8290546ba7717709d61537e45 
	krb5-server-1.5-23.s390x.rpm     58c9038d7bd2defc09520d37240bd493 
	krb5-workstation-1.5-23.s390x.rpm     9f9d956d40fd3fdad018f5b335cbe72a 
	  
	x86_64: 
	krb5-devel-1.5-23.i386.rpm     24f6ae2b75a877224f342de1aeec4023 
	krb5-devel-1.5-23.x86_64.rpm     954d03b3a0954834768f7564e0e7e741 
	krb5-libs-1.5-23.i386.rpm     e996a6afe95019d0bcd41e6d3950bd92 
	krb5-libs-1.5-23.x86_64.rpm     f9703e1dca02855ae83a2d6628d0fe4e 
	krb5-server-1.5-23.x86_64.rpm     b50e4fe195e2f236b45f7b22da01b8af 
	krb5-workstation-1.5-23.x86_64.rpm     a3969c5cb8d90e0d82f01a6899c6ce5a 
	  
	Red Hat Enterprise Linux AS (v. 2.1) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.2.2-44.src.rpm     8d63a222b9e449609a77bf20224bea5a 
	  
	IA-32: 
	krb5-devel-1.2.2-44.i386.rpm     e4ec8cf6b9a1edd3e4a6f48f56741730 
	krb5-libs-1.2.2-44.i386.rpm     6a4de547b1bc9756638c27b85273a8d4 
	krb5-server-1.2.2-44.i386.rpm     2a8dba9616ab803761112245de87aad2 
	krb5-workstation-1.2.2-44.i386.rpm     a4f6fd148f0a88c5b9df569362ae9efd 
	  
	IA-64: 
	krb5-devel-1.2.2-44.ia64.rpm     1638b9c05c1d7ec3ebfbe35ccef91b21 
	krb5-libs-1.2.2-44.ia64.rpm     f70770ddbaa2e729d66cfa65be97de00 
	krb5-server-1.2.2-44.ia64.rpm     64ee3aa6cb75d8cfefa33ed1b6bdf6bf 
	krb5-workstation-1.2.2-44.ia64.rpm     21795085e2bbfe0f522561ec894131a5 
	  
	Red Hat Enterprise Linux AS (v. 3) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.2.7-61.src.rpm     241aa2f84b51636920795b1d34897082 
	  
	IA-32: 
	krb5-devel-1.2.7-61.i386.rpm     eaa32e453e972bf98827197c22bdb360 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-server-1.2.7-61.i386.rpm     5c0cdb59311fc4f27f0a14d095b587dd 
	krb5-workstation-1.2.7-61.i386.rpm     3ec0506072852c72d0014f0689ab1767 
	  
	IA-64: 
	krb5-devel-1.2.7-61.ia64.rpm     bea06113679d91e1c267fa07d7591aee 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-libs-1.2.7-61.ia64.rpm     d17302e949fe07467399150361169956 
	krb5-server-1.2.7-61.ia64.rpm     089ab89df9e2457308910c50f05e23d4 
	krb5-workstation-1.2.7-61.ia64.rpm     89817c78ccf30b26849f3f70e1b9e1c4 
	  
	PPC: 
	krb5-devel-1.2.7-61.ppc.rpm     9343ac9061b43c7a143d5744b53f66ff 
	krb5-libs-1.2.7-61.ppc.rpm     9bce14ed281a3452c9e3226d36880130 
	krb5-libs-1.2.7-61.ppc64.rpm     ecd888402225cd2ad2fccf9fae9e1b0a 
	krb5-server-1.2.7-61.ppc.rpm     51853eafc971447291b2761a2c6f5f2e 
	krb5-workstation-1.2.7-61.ppc.rpm     c5a976fb53f80c968a907cda0cf02ac1 
	  
	s390: 
	krb5-devel-1.2.7-61.s390.rpm     104e090af79861261cf949fcf6513f32 
	krb5-libs-1.2.7-61.s390.rpm     9923121785df4d2f2237aa2f81590ebf 
	krb5-server-1.2.7-61.s390.rpm     c37c6dfae6bd4eb96e5a5a02b0eb0494 
	krb5-workstation-1.2.7-61.s390.rpm     acb769c65993e3e06e73494ea3f07fb6 
	  
	s390x: 
	krb5-devel-1.2.7-61.s390x.rpm     b8ea39b450fc5a014ec0a893bca77223 
	krb5-libs-1.2.7-61.s390.rpm     9923121785df4d2f2237aa2f81590ebf 
	krb5-libs-1.2.7-61.s390x.rpm     caaff51b43eac165dbe1b5d7f7848498 
	krb5-server-1.2.7-61.s390x.rpm     05b786cb7f55619f88647663280c5731 
	krb5-workstation-1.2.7-61.s390x.rpm     bd1470c9bc29a07e49ab7b4492a51697 
	  
	x86_64: 
	krb5-devel-1.2.7-61.x86_64.rpm     972fc297c47083dfaefaf1a8ea9ccab5 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-libs-1.2.7-61.x86_64.rpm     9542fea7dbd067e1975bc5366d736d91 
	krb5-server-1.2.7-61.x86_64.rpm     137c91d6c1a6ca8aa05fefac6bc36513 
	krb5-workstation-1.2.7-61.x86_64.rpm     4aa5731d9c0be30795581d104855c6c3 
	  
	Red Hat Enterprise Linux AS (v. 4) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.3.4-46.src.rpm     8ac2bf4e79c44334eccf011036807ba5 
	  
	IA-32: 
	krb5-devel-1.3.4-46.i386.rpm     b567711dbaccedf883dbaacd01285388 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-server-1.3.4-46.i386.rpm     7a1e837828d09f1acc11a713f63aea39 
	krb5-workstation-1.3.4-46.i386.rpm     b32d2aeec3195125c9257b0e48737614 
	  
	IA-64: 
	krb5-devel-1.3.4-46.ia64.rpm     7756cd881f328fa7671f219e82053434 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-libs-1.3.4-46.ia64.rpm     794211f95860e0d58f6f0bc7ab7c5946 
	krb5-server-1.3.4-46.ia64.rpm     1e7d50c026975d7da8e18ab8c154c65d 
	krb5-workstation-1.3.4-46.ia64.rpm     bcc973738369b6fb56ebc2fbe0fd0cd2 
	  
	PPC: 
	krb5-devel-1.3.4-46.ppc.rpm     992da8e092120ea3b2356fbd192b4c7b 
	krb5-libs-1.3.4-46.ppc.rpm     3cda5943b0084444f671437181a8f9f6 
	krb5-libs-1.3.4-46.ppc64.rpm     8e768b63cec8e5d9b8e69e9f21653b6c 
	krb5-server-1.3.4-46.ppc.rpm     138aa7dfebab316975de4075df14bb55 
	krb5-workstation-1.3.4-46.ppc.rpm     36035bb3acbf15e82e9bb3ec6ff4d26b 
	  
	s390: 
	krb5-devel-1.3.4-46.s390.rpm     5daa9e9b7baa112b4dfebf478b9a4f1e 
	krb5-libs-1.3.4-46.s390.rpm     e12e91dc0d63098d98ed36db865a84dc 
	krb5-server-1.3.4-46.s390.rpm     f2d8dd5bcb8f1379e3d99ef912ce44b1 
	krb5-workstation-1.3.4-46.s390.rpm     1cba876ad8e2b8c9d8f4f87c9863781a 
	  
	s390x: 
	krb5-devel-1.3.4-46.s390x.rpm     8b3ac8636e195c3da4f8686fbaf9e16a 
	krb5-libs-1.3.4-46.s390.rpm     e12e91dc0d63098d98ed36db865a84dc 
	krb5-libs-1.3.4-46.s390x.rpm     7a2164928f13bd99ecca920c0e921ec4 
	krb5-server-1.3.4-46.s390x.rpm     2a85452cd19682a137bded3505737950 
	krb5-workstation-1.3.4-46.s390x.rpm     8a296cad115e274c1a01d71b9ed9a73e 
	  
	x86_64: 
	krb5-devel-1.3.4-46.x86_64.rpm     cfc02be36863f29841df446afdb8e7db 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-libs-1.3.4-46.x86_64.rpm     6703713f9a765367b16a925a3fd9c355 
	krb5-server-1.3.4-46.x86_64.rpm     29b872e3c0f0d6b2b74991411a5cca06 
	krb5-workstation-1.3.4-46.x86_64.rpm     7691da20ab235883310409a2c49397a7 
	  
	Red Hat Enterprise Linux Desktop (v. 5 client) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.5-23.src.rpm     19a3771be564d508b43e9d21ec28021f 
	  
	IA-32: 
	krb5-libs-1.5-23.i386.rpm     e996a6afe95019d0bcd41e6d3950bd92 
	krb5-workstation-1.5-23.i386.rpm     512ce44bca20f6f205f624131d9962da 
	  
	x86_64: 
	krb5-libs-1.5-23.i386.rpm     e996a6afe95019d0bcd41e6d3950bd92 
	krb5-libs-1.5-23.x86_64.rpm     f9703e1dca02855ae83a2d6628d0fe4e 
	krb5-workstation-1.5-23.x86_64.rpm     a3969c5cb8d90e0d82f01a6899c6ce5a 
	  
	Red Hat Enterprise Linux ES (v. 2.1) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.2.2-44.src.rpm     8d63a222b9e449609a77bf20224bea5a 
	  
	IA-32: 
	krb5-devel-1.2.2-44.i386.rpm     e4ec8cf6b9a1edd3e4a6f48f56741730 
	krb5-libs-1.2.2-44.i386.rpm     6a4de547b1bc9756638c27b85273a8d4 
	krb5-server-1.2.2-44.i386.rpm     2a8dba9616ab803761112245de87aad2 
	krb5-workstation-1.2.2-44.i386.rpm     a4f6fd148f0a88c5b9df569362ae9efd 
	  
	Red Hat Enterprise Linux ES (v. 3) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.2.7-61.src.rpm     241aa2f84b51636920795b1d34897082 
	  
	IA-32: 
	krb5-devel-1.2.7-61.i386.rpm     eaa32e453e972bf98827197c22bdb360 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-server-1.2.7-61.i386.rpm     5c0cdb59311fc4f27f0a14d095b587dd 
	krb5-workstation-1.2.7-61.i386.rpm     3ec0506072852c72d0014f0689ab1767 
	  
	IA-64: 
	krb5-devel-1.2.7-61.ia64.rpm     bea06113679d91e1c267fa07d7591aee 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-libs-1.2.7-61.ia64.rpm     d17302e949fe07467399150361169956 
	krb5-server-1.2.7-61.ia64.rpm     089ab89df9e2457308910c50f05e23d4 
	krb5-workstation-1.2.7-61.ia64.rpm     89817c78ccf30b26849f3f70e1b9e1c4 
	  
	x86_64: 
	krb5-devel-1.2.7-61.x86_64.rpm     972fc297c47083dfaefaf1a8ea9ccab5 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-libs-1.2.7-61.x86_64.rpm     9542fea7dbd067e1975bc5366d736d91 
	krb5-server-1.2.7-61.x86_64.rpm     137c91d6c1a6ca8aa05fefac6bc36513 
	krb5-workstation-1.2.7-61.x86_64.rpm     4aa5731d9c0be30795581d104855c6c3 
	  
	Red Hat Enterprise Linux ES (v. 4) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.3.4-46.src.rpm     8ac2bf4e79c44334eccf011036807ba5 
	  
	IA-32: 
	krb5-devel-1.3.4-46.i386.rpm     b567711dbaccedf883dbaacd01285388 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-server-1.3.4-46.i386.rpm     7a1e837828d09f1acc11a713f63aea39 
	krb5-workstation-1.3.4-46.i386.rpm     b32d2aeec3195125c9257b0e48737614 
	  
	IA-64: 
	krb5-devel-1.3.4-46.ia64.rpm     7756cd881f328fa7671f219e82053434 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-libs-1.3.4-46.ia64.rpm     794211f95860e0d58f6f0bc7ab7c5946 
	krb5-server-1.3.4-46.ia64.rpm     1e7d50c026975d7da8e18ab8c154c65d 
	krb5-workstation-1.3.4-46.ia64.rpm     bcc973738369b6fb56ebc2fbe0fd0cd2 
	  
	x86_64: 
	krb5-devel-1.3.4-46.x86_64.rpm     cfc02be36863f29841df446afdb8e7db 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-libs-1.3.4-46.x86_64.rpm     6703713f9a765367b16a925a3fd9c355 
	krb5-server-1.3.4-46.x86_64.rpm     29b872e3c0f0d6b2b74991411a5cca06 
	krb5-workstation-1.3.4-46.x86_64.rpm     7691da20ab235883310409a2c49397a7 
	  
	Red Hat Enterprise Linux WS (v. 2.1) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.2.2-44.src.rpm     8d63a222b9e449609a77bf20224bea5a 
	  
	IA-32: 
	krb5-devel-1.2.2-44.i386.rpm     e4ec8cf6b9a1edd3e4a6f48f56741730 
	krb5-libs-1.2.2-44.i386.rpm     6a4de547b1bc9756638c27b85273a8d4 
	krb5-server-1.2.2-44.i386.rpm     2a8dba9616ab803761112245de87aad2 
	krb5-workstation-1.2.2-44.i386.rpm     a4f6fd148f0a88c5b9df569362ae9efd 
	  
	Red Hat Enterprise Linux WS (v. 3) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.2.7-61.src.rpm     241aa2f84b51636920795b1d34897082 
	  
	IA-32: 
	krb5-devel-1.2.7-61.i386.rpm     eaa32e453e972bf98827197c22bdb360 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-server-1.2.7-61.i386.rpm     5c0cdb59311fc4f27f0a14d095b587dd 
	krb5-workstation-1.2.7-61.i386.rpm     3ec0506072852c72d0014f0689ab1767 
	  
	IA-64: 
	krb5-devel-1.2.7-61.ia64.rpm     bea06113679d91e1c267fa07d7591aee 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-libs-1.2.7-61.ia64.rpm     d17302e949fe07467399150361169956 
	krb5-server-1.2.7-61.ia64.rpm     089ab89df9e2457308910c50f05e23d4 
	krb5-workstation-1.2.7-61.ia64.rpm     89817c78ccf30b26849f3f70e1b9e1c4 
	  
	x86_64: 
	krb5-devel-1.2.7-61.x86_64.rpm     972fc297c47083dfaefaf1a8ea9ccab5 
	krb5-libs-1.2.7-61.i386.rpm     a5d2478c179b637f2a9a38fb22132492 
	krb5-libs-1.2.7-61.x86_64.rpm     9542fea7dbd067e1975bc5366d736d91 
	krb5-server-1.2.7-61.x86_64.rpm     137c91d6c1a6ca8aa05fefac6bc36513 
	krb5-workstation-1.2.7-61.x86_64.rpm     4aa5731d9c0be30795581d104855c6c3 
	  
	Red Hat Enterprise Linux WS (v. 4) 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.3.4-46.src.rpm     8ac2bf4e79c44334eccf011036807ba5 
	  
	IA-32: 
	krb5-devel-1.3.4-46.i386.rpm     b567711dbaccedf883dbaacd01285388 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-server-1.3.4-46.i386.rpm     7a1e837828d09f1acc11a713f63aea39 
	krb5-workstation-1.3.4-46.i386.rpm     b32d2aeec3195125c9257b0e48737614 
	  
	IA-64: 
	krb5-devel-1.3.4-46.ia64.rpm     7756cd881f328fa7671f219e82053434 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-libs-1.3.4-46.ia64.rpm     794211f95860e0d58f6f0bc7ab7c5946 
	krb5-server-1.3.4-46.ia64.rpm     1e7d50c026975d7da8e18ab8c154c65d 
	krb5-workstation-1.3.4-46.ia64.rpm     bcc973738369b6fb56ebc2fbe0fd0cd2 
	  
	x86_64: 
	krb5-devel-1.3.4-46.x86_64.rpm     cfc02be36863f29841df446afdb8e7db 
	krb5-libs-1.3.4-46.i386.rpm     f0ff16c33d0c9ba6487c0bf3eaf40779 
	krb5-libs-1.3.4-46.x86_64.rpm     6703713f9a765367b16a925a3fd9c355 
	krb5-server-1.3.4-46.x86_64.rpm     29b872e3c0f0d6b2b74991411a5cca06 
	krb5-workstation-1.3.4-46.x86_64.rpm     7691da20ab235883310409a2c49397a7 
	  
	Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 
	
	--------------------------------------------------------------------------------
	 
	SRPMS: 
	krb5-1.2.2-44.src.rpm     8d63a222b9e449609a77bf20224bea5a 
	  
	IA-64: 
	krb5-devel-1.2.2-44.ia64.rpm     1638b9c05c1d7ec3ebfbe35ccef91b21 
	krb5-libs-1.2.2-44.ia64.rpm     f70770ddbaa2e729d66cfa65be97de00 
	krb5-server-1.2.2-44.ia64.rpm     64ee3aa6cb75d8cfefa33ed1b6bdf6bf 
	krb5-workstation-1.2.2-44.ia64.rpm     21795085e2bbfe0f522561ec894131a5 
	  
	(The unlinked packages above are only available from the Red Hat Network)
	 
	
	
	Bugs fixed (see bugzilla for more information)
	229782 - CVE-2007-0956 Unauthorized access via krb5-telnet daemon
	231528 - CVE-2007-0957 krb5_klog_syslog() stack buffer overflow
	231537 - CVE-2007-1216 krb5 double free flaw
	
	
	
	References
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216
	http://www.redhat.com/security/updates/classification/#critical 
	
	
	--------------------------------------------------------------------------------
	These packages are GPG signed by Red Hat for security. Our key and details on 
	how to verify the signature are available from:
	
	https://www.redhat.com/security/team/key/#package 
	
	The Red Hat security contact is secalert@redhat.com. More contact details at 
	http://www.redhat.com/security/team/contact/
	
	
	[***** End Red Hat RHSA-2007:0095-4 *****]
	_______________________________________________________________________________
	
	CIAC wishes to acknowledge the contributions of Red Hat for the 
	information contained in this bulletin.
	_______________________________________________________________________________
	
	
	CIAC, the Computer Incident Advisory Capability, is the computer
	security incident response team for the U.S. Department of Energy
	(DOE) and the emergency backup response team for the National
	Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
	National Laboratory in Livermore, California. CIAC is also a founding
	member of FIRST, the Forum of Incident Response and Security Teams, a
	global organization established to foster cooperation and coordination
	among computer security teams worldwide.
	
	CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
	can be contacted at:
		Voice:    +1 925-422-8193 (7x24)
		FAX:      +1 925-423-8002
		STU-III:  +1 925-423-2604
		E-mail:   ciac@ciac.org
	
	Previous CIAC notices, anti-virus software, and other information are
	available from the CIAC Computer Security Archive.
	
	   World Wide Web:      http://www.ciac.org/
	   Anonymous FTP:       ftp.ciac.org
	
	PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
	communities receive CIAC bulletins.  If you are not part of these
	communities, please contact your agency's response team to report
	incidents. Your agency's team will coordinate with CIAC. The Forum of
	Incident Response and Security Teams (FIRST) is a world-wide
	organization. A list of FIRST member organizations and their
	constituencies can be obtained via WWW at http://www.first.org/.
	
	This document was prepared as an account of work sponsored by an
	agency of the United States Government. Neither the United States
	Government nor the University of California nor any of their
	employees, makes any warranty, express or implied, or assumes any
	legal liability or responsibility for the accuracy, completeness, or
	usefulness of any information, apparatus, product, or process
	disclosed, or represents that its use would not infringe privately
	owned rights. Reference herein to any specific commercial products,
	process, or service by trade name, trademark, manufacturer, or
	otherwise, does not necessarily constitute or imply its endorsement,
	recommendation or favoring by the United States Government or the
	University of California. The views and opinions of authors expressed
	herein do not necessarily state or reflect those of the United States
	Government or the University of California, and shall not be used for
	advertising or product endorsement purposes.
	