USN-58-1: MIT Kerberos server vulnerability
Posted on: 01/10/2005 10:32 AM

A MIT Kerberos security update has been released for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-58-1 January 10, 2005
krb5 vulnerability
CAN-2004-1189
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

krb5-admin-server
krb5-kdc
libkadm55
libkrb53

The problem can be corrected by upgrading the affected package to version 1.3.4-3ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Michael Tautschnig discovered a possible buffer overflow in the add_to_history() function in the MIT Kerberos 5 implementation. Performing a password change did not properly track the password policy's history count and the maximum number of keys. This could cause an array overflow and may have allowed authenticated users (not necessarily one with administrative privileges) to execute arbitrary code on the KDC host, compromising an entire Kerberos realm.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4-3ubuntu0.1.diff.gz
Size/MD5: 660788 a3e773e901a67368f8dd322a903f7f81
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4-3ubuntu0.1.dsc
Size/MD5: 788 e9baf1ebfa972d585f829d7e64465bea
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.4.orig.tar.gz
Size/MD5: 6361011 23ddf1655f7f180835cf34d104088473

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.3.4-3ubuntu0.1_all.deb
Size/MD5: 716542 5b8265007cf5f2176955aacfe3eb45eb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 103764 7f4720f5b36e50c49f30bc99917dc31a
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 215204 30b4d7e2a133cce888127798b843566a
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 55802 92a9097d2c5fc574d644dd062a2a2d0c
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 123580 977b0f8def9a58ab022a2e8321f5d29d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 81578 58fa9d55d6316f1540d642696509e04b
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 62318 ae6908459976878856a666950f2c956d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 135856 0012a1ff533388ec7a6a4082f9eaa23a
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 176484 e26c41328f72a6b4ff3f9dfd16819429
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 651556 c41b666bd8ba980bb5240c8de4a22a42
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_amd64.deb
Size/MD5: 367872 7c2ddc51d5fb971540aa2ddb74e136d0

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 92828 40b738af512065868c3bd38a86652ee0
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 186464 a2da914f916c3bf6b53d1c417e74b5cf
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 50728 c53fab7706867bfd2e2defaaca0e8aba
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 113756 2e6293b7d8788ca1e6584eeb371d4746
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 73758 d2b3b94e05e43169379c0d6a742d15e2
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 55284 8d279d10b1238c64e8e788e163d10697
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 125264 0e37aeb9bf575e214e526148f6021abd
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 160580 b735959ba91dad37fd12dd89faf798de
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 559754 cccfdccc55db99dce5d79583060ec1a7
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_i386.deb
Size/MD5: 339586 9c4e8bb211b3b463d2293a7e5acebac9

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 103998 72a3841148e8736286547e3b34b0d42d
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 214930 137626b6516e100a313612b79f28a2f4
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 55814 592491f4a84ce02651ec9489d2f64c4e
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 124368 d68fe5a0c785baa01d2d7e7b6f14477f
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 81392 2c43228e3b6d42fcdd214a516e9a4329
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 60498 d2604219b83e84bea7ee2460a626fb59
http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 141916 fa44026deba1951732f3748381d0f842
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 164366 b71f6b535f950994b907f39e8685ee57
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 633862 bc094b01dfd0b507e157c870b6fa94a8
http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.4-3ubuntu0.1_powerpc.deb
Size/MD5: 351532 6fdb209e66b2935696a43f60efad7934


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_58_1_mit_kerberos_server_vulnerability.html)