Secunia Security Advisory - Mandriva has issued an update for krb5. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
0569836bbca85043bf9c3b66c6f81dddddc5658c2b0a73c9efa2dd92fcfb8c6c
----------------------------------------------------------------------
Secunia customers receive relevant and filtered advisories.
Delivery is done via different channels including SMS, Email, Web,
and https based XML feed.
http://corporate.secunia.com/trial/38/request/
----------------------------------------------------------------------
TITLE:
Mandriva update for krb5
SECUNIA ADVISORY ID:
SA24979
VERIFY ADVISORY:
http://secunia.com/advisories/24979/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Mandriva Linux 2007
http://secunia.com/product/12165/
DESCRIPTION:
Mandriva has issued an update for krb5. This fixes a security issue,
which can be exploited by malicious, local users to gain escalated
privileges.
The security issue is due to an error where modules are loaded from a
certain potentially insecure location and can be exploited to execute
arbitrary code with escalated privileges.
SOLUTION:
Apply updated packages.
-- Mandriva Linux 2007.1 --
1f920aac69205ebc55feb4483b88f1be
2007.1/i586/ftp-client-krb5-1.5.2-6.2mdv2007.1.i586.rpm
33c691d619af154edf28417b38c1ab90
2007.1/i586/ftp-server-krb5-1.5.2-6.2mdv2007.1.i586.rpm
ffd93d8b493f4d3cad20d1387021ed91
2007.1/i586/krb5-server-1.5.2-6.2mdv2007.1.i586.rpm
5b1dde7e492cdd0fc5b131c4df008bf3
2007.1/i586/krb5-workstation-1.5.2-6.2mdv2007.1.i586.rpm
f65941778953f0396f3307872d05e5ae
2007.1/i586/libkrb53-1.5.2-6.2mdv2007.1.i586.rpm
a28df16eab4e38fa425ea8f2c0cd482d
2007.1/i586/libkrb53-devel-1.5.2-6.2mdv2007.1.i586.rpm
a6866af02d2dcad5688a9a722c42abaf
2007.1/i586/telnet-client-krb5-1.5.2-6.2mdv2007.1.i586.rpm
d950b8428b80b7aa72b8b62228616fab
2007.1/i586/telnet-server-krb5-1.5.2-6.2mdv2007.1.i586.rpm
f3d13c1b5c10f990288e2bb1ae8fbec9
2007.1/SRPMS/krb5-1.5.2-6.2mdv2007.1.src.rpm
-- Mandriva Linux 2007.1/X86_64 --
84de03a0a6a6e943794ec27a67bbcefd
2007.1/x86_64/ftp-client-krb5-1.5.2-6.2mdv2007.1.x86_64.rpm
3f8e1a9bd6af23839750f6376dd5c7b4
2007.1/x86_64/ftp-server-krb5-1.5.2-6.2mdv2007.1.x86_64.rpm
0a0c097aea83b5e524a15706cd73bcd1
2007.1/x86_64/krb5-server-1.5.2-6.2mdv2007.1.x86_64.rpm
95c2232afc4394f48731c1f9410eea9d
2007.1/x86_64/krb5-workstation-1.5.2-6.2mdv2007.1.x86_64.rpm
6877a85fe2ce8766bba68090163fb67d
2007.1/x86_64/lib64krb53-1.5.2-6.2mdv2007.1.x86_64.rpm
19506808bf27f7eeac1bbdb5c0efa98c
2007.1/x86_64/lib64krb53-devel-1.5.2-6.2mdv2007.1.x86_64.rpm
147dec07b177c00284559c1d205779bb
2007.1/x86_64/telnet-client-krb5-1.5.2-6.2mdv2007.1.x86_64.rpm
f133917514ef86be627e63debb1ca379
2007.1/x86_64/telnet-server-krb5-1.5.2-6.2mdv2007.1.x86_64.rpm
f3d13c1b5c10f990288e2bb1ae8fbec9
2007.1/SRPMS/krb5-1.5.2-6.2mdv2007.1.src.rpm
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.mandriva.com/security/advisories?name=MDKA-2007:026
http://qa.mandriva.com/show_bug.cgi?id=30349
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------