Executive Summary

Summary
Title: Updated krb5 packages fix security issues
Information
Name: RHSA-2004:350
First vendor Publication: 2004-08-31
Vendor: RedHat
Last vendor Modification: 2004-08-31
Severity (Vendor): N/A
Revision: 01

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Problem Description:

Updated krb5 packages that improve client responsiveness and fix several security issues are now available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.

Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.

A double-free bug was also found in the krb524 server (CAN-2004-0772); however, this issue does not affect Red Hat Enterprise Linux 3 Kerberos packages.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0644 to this issue.

When attempting to contact a KDC, the Kerberos libraries will iterate through the list of configured servers, attempting to contact each in turn. If one of the servers becomes unresponsive, the client will time out and contact the next configured server. When the library attempts to contact the next KDC, the entire process is repeated. For applications which must contact a KDC several times, the accumulated time spent waiting can become significant.

This update modifies the libraries to note which server for a given realm last responded to a request and to contact that server first, before any of the other configured servers.

All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2004-350.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-415 Double Free

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:10014
Title: The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Description: The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0644
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Oval ID: oval:org.mitre.oval:def:10267
Title: Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
Description: Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0643
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Oval ID: oval:org.mitre.oval:def:10709
Title: Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
Description: Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0642
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Product(s):
Oval ID: oval:org.mitre.oval:def:2139
Title: Kerberos 5 ASN.1 Library DoS
Description: The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0644
Version: 1
Platform(s): Sun Solaris 9
Product(s): Kerberos5
Oval ID: oval:org.mitre.oval:def:3322
Title: Kerberos 5 Double-free Vulnerability in krb5_rd_cred Function
Description: Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0643
Version: 1
Platform(s): Sun Solaris 9
Product(s): Kerberos5
Oval ID: oval:org.mitre.oval:def:4661
Title: MIT Kerberos 5 Multiple Double-Free Vulnerabilities
Description: Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0772
Version: 1
Platform(s): Sun Solaris 9
Product(s): Kerberos5
Oval ID: oval:org.mitre.oval:def:4936
Title: Kerberos 5 KDC ASN.1 Error Handling Double-free Vulnerabilities
Description: Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
Family: unix Class: vulnerability
Reference(s): CVE-2004-0642
Version: 1
Platform(s): Sun Solaris 9
Product(s): Kerberos5

CPE : Common Platform Enumeration

Type Description Count
Application 23
Application 2
Os 1
Os 1
Os 1
Os 1

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200409-09 (mit-krb5)
File : nvt/glsa_200409_09.nasl
2008-09-04 Name : FreeBSD Ports: krb5
File : nvt/freebsd_krb50.nasl
2008-09-04 Name : FreeBSD Ports: krb5
File : nvt/freebsd_krb51.nasl
2008-01-17 Name : Debian Security Advisory DSA 543-1 (krb5)
File : nvt/deb_543_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
9409 MIT Kerberos 5 krb524d Double-free Error Condition Code Execution

MIT Kerberos contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is due to a double-free condition inside the Key Distribution Center (KDC) code. Under some circumstances, a KDC host could be compromised by a remote attacker. No further details have been provided.
9408 MIT Kerberos 5 krb524d krb5_rd_cred() Arbitrary Code Execution

Kerberos contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when krb5_rd_cred() tries to free already freed buffers that were returned by decode_krb5_enc_cred_part() when an error occurs. It is possible that the flaw may allow compromise of an entire Kerberos realm if the victim is running a KDC, resulting in a loss of integrity.
9407 MIT Kerberos 5 Double-free Error Condition Code Execution

MIT Kerberos 5 contains a flaw related to a double free in the KDC ASN.1 error handling code that may allow an attacker to run privileged code of the attacker's choosing. MIT notes that no published means of exploiting a double free is known, implying that a real-world exploit would be difficult at best. Should this feat be achieved, a complete Kerberos realm could be compromised.
9406 MIT Kerberos 5 ASN.1 Decoder DoS

The MIT Kerberos 5 distribution contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker impersonating a legitimate key distribution center or application server uses a specially crafted BER encoding to cause a client program to hang inside an infinite loop, resulting in loss of availability of the service.
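
The error-path pattern behind the krb5_rd_cred() entry above, as an added example (not MIT krb5 code and not part of the original page): a decoder that releases its output on error while the caller's shared cleanup releases it again, beside a hardened form that resets the pointer. All names (cred_part, decode_vuln, decode_fixed, caller_free_count) are hypothetical, and the allocator is a constructed release counter so the double release can be observed safely.

```c
#include <stdio.h>

/* Constructed stand-in for a heap object; counts releases, no real UB. */
struct cred_part { int free_calls; };
static struct cred_part pool[2];

static struct cred_part *part_alloc(int slot) {
    pool[slot].free_calls = 0;
    return &pool[slot];
}

/* Like free(): NULL is a no-op, anything else counts as one release. */
static void part_free(struct cred_part *p) { if (p) p->free_calls++; }

/* Vulnerable: the error path releases *out but leaves it dangling. */
static int decode_vuln(int malformed, struct cred_part **out) {
    *out = part_alloc(0);
    if (malformed) {
        part_free(*out);        /* first release */
        return -1;
    }
    return 0;
}

/* Hardened: same cleanup, then the out-pointer is reset to NULL. */
static int decode_fixed(int malformed, struct cred_part **out) {
    *out = part_alloc(1);
    if (malformed) {
        part_free(*out);
        *out = NULL;
        return -1;
    }
    return 0;
}

/* Caller with one shared cleanup path; returns the release count. */
static int caller_free_count(int (*decode)(int, struct cred_part **),
                             int malformed, int slot) {
    struct cred_part *part = NULL;
    (void)decode(malformed, &part);
    part_free(part);            /* runs on success and on error */
    return pool[slot].free_calls;
}

int main(void) {
    printf("vulnerable: %d release(s)\n", caller_free_count(decode_vuln, 1, 0));
    printf("hardened:   %d release(s)\n", caller_free_count(decode_fixed, 1, 1));
    return 0;
}
```

With a real allocator the second release in the vulnerable path is the CWE-415 condition; building test suites with a detector such as AddressSanitizer turns it into an immediate abort on malformed input.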

Nessus® Vulnerability Scanner

Date Description
2009-04-23 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_86a98b57fb8e11d89343000a95bc6fae.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_bd60922bfb8d11d8a13e000a95bc6fae.nasl - Type : ACT_GATHER_INFO
2004-12-02 Name : The remote host is missing a Mac OS X update that fixes a security issue.
File : macosx_SecUpd20041202.nasl - Type : ACT_GATHER_INFO
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-543.nasl - Type : ACT_GATHER_INFO
2004-09-07 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2004-088.nasl - Type : ACT_GATHER_INFO
2004-09-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200409-09.nasl - Type : ACT_GATHER_INFO
2004-09-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-350.nasl - Type : ACT_GATHER_INFO
2004-09-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2004-448.nasl - Type : ACT_GATHER_INFO
2004-08-31 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-276.nasl - Type : ACT_GATHER_INFO
2004-08-31 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-277.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote host is using an unsupported version of Mac OS X.
File : macosx_version.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2003-052.nasl - Type : ACT_GATHER_INFO
2003-04-03 Name : It may be possible to execute arbitrary code on the remote Kerberos server.
File : kerberos5_issues.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:48:33
  • Multiple Updates
2013-05-11 12:22:33
  • Multiple Updates