Exploit the possiblities

Mandriva Linux Security Advisory 2013-166

Mandriva Linux Security Advisory 2013-166
Posted May 21, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-166 - The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack. The updated packages have been patched to correct this issue.

tags | advisory, udp
systems | linux, mandriva
advisories | CVE-2002-2443
MD5 | fb8357773777991ef6503f2b723f896e

Mandriva Linux Security Advisory 2013-166

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:166
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : krb5
Date : May 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in krb5:

The kpasswd service provided by kadmind was vulnerable to a UDP
ping-pong attack (CVE-2002-2443).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443
https://bugzilla.redhat.com/show_bug.cgi?id=962531
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
762c01ff4ce813cd3c5acce794c29aa3 mes5/i586/krb5-1.8.1-0.11mdvmes5.2.i586.rpm
415beef49e20f8b89c84b0270afbf1d6 mes5/i586/krb5-pkinit-openssl-1.8.1-0.11mdvmes5.2.i586.rpm
a6bd6778ab49710b1a50633555b0dc27 mes5/i586/krb5-server-1.8.1-0.11mdvmes5.2.i586.rpm
497cfca620c25dd7ce523a61afdccc5e mes5/i586/krb5-server-ldap-1.8.1-0.11mdvmes5.2.i586.rpm
2fe4670b52795e8c74f53e7eee826c2c mes5/i586/krb5-workstation-1.8.1-0.11mdvmes5.2.i586.rpm
22926f634ea6ba5f816c14a2e30cc38a mes5/i586/libkrb53-1.8.1-0.11mdvmes5.2.i586.rpm
477f8f61cd9c8e577cd6797e850978ce mes5/i586/libkrb53-devel-1.8.1-0.11mdvmes5.2.i586.rpm
77c66246600b71f6471f75054e886cd4 mes5/SRPMS/krb5-1.8.1-0.11mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
1cab52ff4c719378b97ec3acbc7d911f mes5/x86_64/krb5-1.8.1-0.11mdvmes5.2.x86_64.rpm
b5d51d32e5eaa96ab973e5ce151a5254 mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.11mdvmes5.2.x86_64.rpm
6218fc79250aaec5c7ca19b193fdb8dc mes5/x86_64/krb5-server-1.8.1-0.11mdvmes5.2.x86_64.rpm
88de99aa8cde8adaee672c265292a355 mes5/x86_64/krb5-server-ldap-1.8.1-0.11mdvmes5.2.x86_64.rpm
39791a90573b4de08efdaf0193bbc5dc mes5/x86_64/krb5-workstation-1.8.1-0.11mdvmes5.2.x86_64.rpm
846b75578bb5559cfcf7aa2ce9e43156 mes5/x86_64/lib64krb53-1.8.1-0.11mdvmes5.2.x86_64.rpm
7351a8d2be13df25ab9c2534489a2da0 mes5/x86_64/lib64krb53-devel-1.8.1-0.11mdvmes5.2.x86_64.rpm
77c66246600b71f6471f75054e886cd4 mes5/SRPMS/krb5-1.8.1-0.11mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
3150d604a21be2373d223457da156734 mbs1/x86_64/krb5-1.9.2-3.3.mbs1.x86_64.rpm
52729f0759e686cfdf5f9c99efc28862 mbs1/x86_64/krb5-pkinit-openssl-1.9.2-3.3.mbs1.x86_64.rpm
4b997282ad6dd76eb7a10f07809bef71 mbs1/x86_64/krb5-server-1.9.2-3.3.mbs1.x86_64.rpm
b10b3c0211e071ab93e818db684098f9 mbs1/x86_64/krb5-server-ldap-1.9.2-3.3.mbs1.x86_64.rpm
417d23306554b1d7d290e8d3fed1a2d8 mbs1/x86_64/krb5-workstation-1.9.2-3.3.mbs1.x86_64.rpm
a17c8e2438c0415c9ea478bcc0715101 mbs1/x86_64/lib64krb53-1.9.2-3.3.mbs1.x86_64.rpm
2d05c4ac4b44be10ea1e3d4337689512 mbs1/x86_64/lib64krb53-devel-1.9.2-3.3.mbs1.x86_64.rpm
95305e2323d63546e970538b7d692447 mbs1/SRPMS/krb5-1.9.2-3.3.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRm3ZlmqjQ0CJFipgRAmRWAJ42vFSB5f9jXtt3hRarBQpqxARd/ACfa9qv
esFWMrXe/0P1/wv2ag87c6w=
=Lg3K
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close