Mandriva Linux Security Advisory 2010-006 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
9f70ce78c2c0b634beeb98136eb345b2a70b61ec35ea940051ea6afab678304c
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:006
http://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : January 14, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in krb5:
Multiple integer underflows in the (1) AES and (2) RC4 decryption
functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3
through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause
a denial of service (daemon crash) or possibly execute arbitrary code
by providing ciphertext with a length that is too short to be valid
(CVE-2009-4212).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
3f9877323a8682d46fc8964afe682b2a 2008.0/i586/ftp-client-krb5-1.6.2-7.4mdv2008.0.i586.rpm
4a96d33bb0c2ebcc871dec7987271c31 2008.0/i586/ftp-server-krb5-1.6.2-7.4mdv2008.0.i586.rpm
02f7b03f7b43d9f257ce87d470cc67dc 2008.0/i586/krb5-1.6.2-7.4mdv2008.0.i586.rpm
33652872e25744551c5b926d172e3856 2008.0/i586/krb5-server-1.6.2-7.4mdv2008.0.i586.rpm
8f5632e2f27e303c29d158af200f0f13 2008.0/i586/krb5-workstation-1.6.2-7.4mdv2008.0.i586.rpm
18e849c5ea0e3a887d004bf73d07e79c 2008.0/i586/libkrb53-1.6.2-7.4mdv2008.0.i586.rpm
b8fc5b5f329ff5c554d454798a105e14 2008.0/i586/libkrb53-devel-1.6.2-7.4mdv2008.0.i586.rpm
95379b91c3c320b039ce77846edfff08 2008.0/i586/telnet-client-krb5-1.6.2-7.4mdv2008.0.i586.rpm
b3b487d3d7a4f90b48b7d2ab3865989f 2008.0/i586/telnet-server-krb5-1.6.2-7.4mdv2008.0.i586.rpm
2036d31ad25108ec82fc1863986dfb7e 2008.0/SRPMS/krb5-1.6.2-7.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
301d16b552a89c7bdf8756738a9bc7be 2008.0/x86_64/ftp-client-krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
7c15e38d490ee573c86a879f855c1541 2008.0/x86_64/ftp-server-krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
1aab2b07a17ad1c5d44d8f23694f69ea 2008.0/x86_64/krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
cc72244d669ea970cfa6c16d88b5f415 2008.0/x86_64/krb5-server-1.6.2-7.4mdv2008.0.x86_64.rpm
f9a67df29f85dc9dbe5fc6c9686e7d04 2008.0/x86_64/krb5-workstation-1.6.2-7.4mdv2008.0.x86_64.rpm
e90cfe766adb7ee3cfd15a7cc2840926 2008.0/x86_64/lib64krb53-1.6.2-7.4mdv2008.0.x86_64.rpm
f341ee50fb9a7f739d509bcdcea1066c 2008.0/x86_64/lib64krb53-devel-1.6.2-7.4mdv2008.0.x86_64.rpm
910d25bf1af5e907cc58391ee57ebf33 2008.0/x86_64/telnet-client-krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
ab63da7669b7cf4b314a1401783a3c76 2008.0/x86_64/telnet-server-krb5-1.6.2-7.4mdv2008.0.x86_64.rpm
2036d31ad25108ec82fc1863986dfb7e 2008.0/SRPMS/krb5-1.6.2-7.4mdv2008.0.src.rpm
Mandriva Linux 2009.0:
a4b1364b79ec610e5ce69a6e424b0a7c 2009.0/i586/ftp-client-krb5-1.6.3-6.3mdv2009.0.i586.rpm
fee93c3212018c016888f03f11212a96 2009.0/i586/ftp-server-krb5-1.6.3-6.3mdv2009.0.i586.rpm
20f34652bb8f7c47686a93003ad9c5ae 2009.0/i586/krb5-1.6.3-6.3mdv2009.0.i586.rpm
7597f35b3fba535cff3bd8902dc33d07 2009.0/i586/krb5-server-1.6.3-6.3mdv2009.0.i586.rpm
6da86dceb4c78bee8db7b51807fec668 2009.0/i586/krb5-workstation-1.6.3-6.3mdv2009.0.i586.rpm
fb201a257271cbdcc4593738b9113e25 2009.0/i586/libkrb53-1.6.3-6.3mdv2009.0.i586.rpm
5942d94ad05d357c1a31dd9790368c60 2009.0/i586/libkrb53-devel-1.6.3-6.3mdv2009.0.i586.rpm
2c7635939ff41721ea0c6cba421815c1 2009.0/i586/telnet-client-krb5-1.6.3-6.3mdv2009.0.i586.rpm
1ca5ef8f0a48b9fc1e8c36a8dd362075 2009.0/i586/telnet-server-krb5-1.6.3-6.3mdv2009.0.i586.rpm
e7fd2cc66b4e98da26c3f91af3cbc525 2009.0/SRPMS/krb5-1.6.3-6.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
6275f96cc4343d9ba150bfb69a48c7b8 2009.0/x86_64/ftp-client-krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
42fbda00420d8f44d75a4c9fab3ad9d5 2009.0/x86_64/ftp-server-krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
936801a3bdee5c5b9e607bb7cd3d62c5 2009.0/x86_64/krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
b56dbdd4152d22ee2acba1742ce74004 2009.0/x86_64/krb5-server-1.6.3-6.3mdv2009.0.x86_64.rpm
8ae88653dc5691c0c7a1f332e5a33642 2009.0/x86_64/krb5-workstation-1.6.3-6.3mdv2009.0.x86_64.rpm
99d8806257038016407df425343c56de 2009.0/x86_64/lib64krb53-1.6.3-6.3mdv2009.0.x86_64.rpm
774240afcd37643f1679c4b9a9ce3962 2009.0/x86_64/lib64krb53-devel-1.6.3-6.3mdv2009.0.x86_64.rpm
ee345eaba4e7fa8a72a2a913afeb9e9c 2009.0/x86_64/telnet-client-krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
7347799b83f403d542a4508a21fa3183 2009.0/x86_64/telnet-server-krb5-1.6.3-6.3mdv2009.0.x86_64.rpm
e7fd2cc66b4e98da26c3f91af3cbc525 2009.0/SRPMS/krb5-1.6.3-6.3mdv2009.0.src.rpm
Mandriva Linux 2009.1:
bd940c4dbe3bbbf108b594cd9244371d 2009.1/i586/ftp-client-krb5-1.6.3-9.1mdv2009.1.i586.rpm
41a83f30682b4561faa3dc7870b1231c 2009.1/i586/ftp-server-krb5-1.6.3-9.1mdv2009.1.i586.rpm
5b29f9816936b6e7afa9b63820b95808 2009.1/i586/krb5-1.6.3-9.1mdv2009.1.i586.rpm
8aafae4efbb0e8d1857cf96e2997688d 2009.1/i586/krb5-server-1.6.3-9.1mdv2009.1.i586.rpm
630032e65b25747cafa372e574ba1586 2009.1/i586/krb5-workstation-1.6.3-9.1mdv2009.1.i586.rpm
b31943f4cafc6ef9ffecc1608c99905e 2009.1/i586/libkrb53-1.6.3-9.1mdv2009.1.i586.rpm
75fc0bd8c2b539960b01f174e72f54e4 2009.1/i586/libkrb53-devel-1.6.3-9.1mdv2009.1.i586.rpm
12be918c75c4f7cb5f4784f60b2ec158 2009.1/i586/telnet-client-krb5-1.6.3-9.1mdv2009.1.i586.rpm
01ec226f86423f5c6cf8b30d4c29db87 2009.1/i586/telnet-server-krb5-1.6.3-9.1mdv2009.1.i586.rpm
02b9bf1009a7e3008ed7cae62b675f55 2009.1/SRPMS/krb5-1.6.3-9.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
cef0e37c65bfb093867178fca02ab907 2009.1/x86_64/ftp-client-krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
a7ac92a92d0b8c32650270c16b0283d9 2009.1/x86_64/ftp-server-krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
c9f6ff66414fc599a6cab64a97467024 2009.1/x86_64/krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
538d4e0927a67a94b71b2dff60ba7316 2009.1/x86_64/krb5-server-1.6.3-9.1mdv2009.1.x86_64.rpm
0ba16572e547c68e1cf2f92e5dcfe15b 2009.1/x86_64/krb5-workstation-1.6.3-9.1mdv2009.1.x86_64.rpm
3e663e156b9ae82e0fadf8b6f46690c7 2009.1/x86_64/lib64krb53-1.6.3-9.1mdv2009.1.x86_64.rpm
2e680d93f015df4d90bce51c88cda06b 2009.1/x86_64/lib64krb53-devel-1.6.3-9.1mdv2009.1.x86_64.rpm
2cbec209ac41a9ac6abdbd68cb41026f 2009.1/x86_64/telnet-client-krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
774a2db3e4d5cac26a6ebccf38515263 2009.1/x86_64/telnet-server-krb5-1.6.3-9.1mdv2009.1.x86_64.rpm
02b9bf1009a7e3008ed7cae62b675f55 2009.1/SRPMS/krb5-1.6.3-9.1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
9564e64639655042be33cfb07adc5b0b 2010.0/i586/ftp-client-krb5-1.6.3-10.1mdv2010.0.i586.rpm
a865166a92ce13223b4190c7fb565a33 2010.0/i586/ftp-server-krb5-1.6.3-10.1mdv2010.0.i586.rpm
688a8ecbdd3bb15d58dc8295644bb156 2010.0/i586/krb5-1.6.3-10.1mdv2010.0.i586.rpm
97b7799f4c8d6c94a48bb9b3f26011c0 2010.0/i586/krb5-server-1.6.3-10.1mdv2010.0.i586.rpm
4bfc674dc65684e19ec8227aed05a197 2010.0/i586/krb5-workstation-1.6.3-10.1mdv2010.0.i586.rpm
9091b1c647849b00eb5c21b2fa94c2e4 2010.0/i586/libkrb53-1.6.3-10.1mdv2010.0.i586.rpm
f4f3e295f6df824bed200dcf279ca783 2010.0/i586/libkrb53-devel-1.6.3-10.1mdv2010.0.i586.rpm
ff64a92f06e6f195858df9bf9c8ed553 2010.0/i586/telnet-client-krb5-1.6.3-10.1mdv2010.0.i586.rpm
3b69b319ddf80606333f4ba9f2eaab1e 2010.0/i586/telnet-server-krb5-1.6.3-10.1mdv2010.0.i586.rpm
eed078830ca8c373a67a36659f4156f7 2010.0/SRPMS/krb5-1.6.3-10.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
a8ca79e8c3545f27cccec7263938fa58 2010.0/x86_64/ftp-client-krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
61ea43e5c1231ced9d4dbe512797d95c 2010.0/x86_64/ftp-server-krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
55dfc203493c90de20dac60b68e459c6 2010.0/x86_64/krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
6a5c2e2650a76a04d14cf2192dc538b4 2010.0/x86_64/krb5-server-1.6.3-10.1mdv2010.0.x86_64.rpm
be19d730d33044d4590173e3e9ba2133 2010.0/x86_64/krb5-workstation-1.6.3-10.1mdv2010.0.x86_64.rpm
a8d3b964ad62ff26949ecd00db886bff 2010.0/x86_64/lib64krb53-1.6.3-10.1mdv2010.0.x86_64.rpm
f459014d92766147b96cbd9d66080d9d 2010.0/x86_64/lib64krb53-devel-1.6.3-10.1mdv2010.0.x86_64.rpm
7a74b79812a6698fe525c72dd98d921e 2010.0/x86_64/telnet-client-krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
577e8189b4f47b9842ec8efdbd6c8807 2010.0/x86_64/telnet-server-krb5-1.6.3-10.1mdv2010.0.x86_64.rpm
eed078830ca8c373a67a36659f4156f7 2010.0/SRPMS/krb5-1.6.3-10.1mdv2010.0.src.rpm
Corporate 4.0:
11d1e94b3a744f25b1f213f503a8b55b corporate/4.0/i586/ftp-client-krb5-1.4.3-5.8.20060mlcs4.i586.rpm
1e982756728c4ec0f6a22706e56fdc55 corporate/4.0/i586/ftp-server-krb5-1.4.3-5.8.20060mlcs4.i586.rpm
519ea60566ff8d244ef91bc7a8e6b04e corporate/4.0/i586/krb5-server-1.4.3-5.8.20060mlcs4.i586.rpm
3fbc6a845ad8e98d6386970e21ed4cc7 corporate/4.0/i586/krb5-workstation-1.4.3-5.8.20060mlcs4.i586.rpm
20f8ec3a710b7b79c9eefdc81f482ce1 corporate/4.0/i586/libkrb53-1.4.3-5.8.20060mlcs4.i586.rpm
ad8100f3ae7d7b9aa509b3170b0ac06f corporate/4.0/i586/libkrb53-devel-1.4.3-5.8.20060mlcs4.i586.rpm
02fcbbb73c1215b5ce8f91a56090df6c corporate/4.0/i586/telnet-client-krb5-1.4.3-5.8.20060mlcs4.i586.rpm
d0dfe23c09df8bca5868a3dd3d81089d corporate/4.0/i586/telnet-server-krb5-1.4.3-5.8.20060mlcs4.i586.rpm
c9dd7050a59cb960bc59d01e483c03f8 corporate/4.0/SRPMS/krb5-1.4.3-5.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
9905fff64fe507df407d33b2c46c557e corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.8.20060mlcs4.x86_64.rpm
16811f6f81fc25320addad1407adbae6 corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.8.20060mlcs4.x86_64.rpm
7e3843649e333d06f44953ba4d4c94bd corporate/4.0/x86_64/krb5-server-1.4.3-5.8.20060mlcs4.x86_64.rpm
db6163aa45a273d11317520cdb0f18d9 corporate/4.0/x86_64/krb5-workstation-1.4.3-5.8.20060mlcs4.x86_64.rpm
85c0e587bc48849e54d1e4127b66558e corporate/4.0/x86_64/lib64krb53-1.4.3-5.8.20060mlcs4.x86_64.rpm
6716a25c13927ca9f6e0911247a6b876 corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.8.20060mlcs4.x86_64.rpm
99fa0b4fc421b693f54bf879bbe3c047 corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.8.20060mlcs4.x86_64.rpm
f9cbce455397f88045252285e3a64bd8 corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.8.20060mlcs4.x86_64.rpm
c9dd7050a59cb960bc59d01e483c03f8 corporate/4.0/SRPMS/krb5-1.4.3-5.8.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
d50077d7d3b27f062ae467e549cd7b9f mes5/i586/ftp-client-krb5-1.6.3-6.3mdvmes5.i586.rpm
bf657fb82c0a36c8529ef04f0011c400 mes5/i586/ftp-server-krb5-1.6.3-6.3mdvmes5.i586.rpm
6a4ff9bd908826bb24f1f6d9137689e4 mes5/i586/krb5-1.6.3-6.3mdvmes5.i586.rpm
3027f3803ce6c7e2717f66b77d302bce mes5/i586/krb5-server-1.6.3-6.3mdvmes5.i586.rpm
d201545cdd247981dec705d241338bbf mes5/i586/krb5-workstation-1.6.3-6.3mdvmes5.i586.rpm
ade134ee20c6b125a70f2c5abf7e62fb mes5/i586/libkrb53-1.6.3-6.3mdvmes5.i586.rpm
19984a6230fcf62b212428a9b803b7b0 mes5/i586/libkrb53-devel-1.6.3-6.3mdvmes5.i586.rpm
190a03e8f7adb0d0f8a379686cb2ebd8 mes5/i586/telnet-client-krb5-1.6.3-6.3mdvmes5.i586.rpm
e32d3dbd5f13fc6d72eb8556a3c9e6e8 mes5/i586/telnet-server-krb5-1.6.3-6.3mdvmes5.i586.rpm
0a2e367569882611418e9598385060e0 mes5/SRPMS/krb5-1.6.3-6.3mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
5ea302ca4e8396db1c1f2042be2c94dc mes5/x86_64/ftp-client-krb5-1.6.3-6.3mdvmes5.x86_64.rpm
6a3a878b4f60c3f9120380d2fcadf2af mes5/x86_64/ftp-server-krb5-1.6.3-6.3mdvmes5.x86_64.rpm
90c75c976fa6a17262fed6d79caccd9d mes5/x86_64/krb5-1.6.3-6.3mdvmes5.x86_64.rpm
0313f491dc95f84ecc45364517e5ba67 mes5/x86_64/krb5-server-1.6.3-6.3mdvmes5.x86_64.rpm
067614ffabfd4022f80a7d8f597040da mes5/x86_64/krb5-workstation-1.6.3-6.3mdvmes5.x86_64.rpm
8c78c5dda0926034d5ece745b54f00ba mes5/x86_64/lib64krb53-1.6.3-6.3mdvmes5.x86_64.rpm
c0c2c1ab821ea82c6d3172545f2d5964 mes5/x86_64/lib64krb53-devel-1.6.3-6.3mdvmes5.x86_64.rpm
d03ed0167fd730966550a154dcd25dea mes5/x86_64/telnet-client-krb5-1.6.3-6.3mdvmes5.x86_64.rpm
d6c921c559d457fdb223b29b652946c6 mes5/x86_64/telnet-server-krb5-1.6.3-6.3mdvmes5.x86_64.rpm
0a2e367569882611418e9598385060e0 mes5/SRPMS/krb5-1.6.3-6.3mdvmes5.src.rpm
Multi Network Firewall 2.0:
8188672e283e7da25f3eb40e74e9076f mnf/2.0/i586/ftp-client-krb5-1.3-6.12.M20mdk.i586.rpm
fee1405f8ffd2dc543c0940622489f42 mnf/2.0/i586/ftp-server-krb5-1.3-6.12.M20mdk.i586.rpm
a03f612767fbd3086da601342dae6976 mnf/2.0/i586/krb5-server-1.3-6.12.M20mdk.i586.rpm
e8dede7893cea03f48ca05a916435908 mnf/2.0/i586/krb5-workstation-1.3-6.12.M20mdk.i586.rpm
9c67f6a724c630e005fa089543db4e01 mnf/2.0/i586/libkrb51-1.3-6.12.M20mdk.i586.rpm
dced641a293b9f03eeb6a71562a9eea9 mnf/2.0/i586/libkrb51-devel-1.3-6.12.M20mdk.i586.rpm
37ba8ce1cef8294236737f8b5c7b9452 mnf/2.0/i586/telnet-client-krb5-1.3-6.12.M20mdk.i586.rpm
a21c4de771c3bed1ed0ac5ee2adcc4c7 mnf/2.0/i586/telnet-server-krb5-1.3-6.12.M20mdk.i586.rpm
ae1202ff24cc4705c50fcf19ebbead3e mnf/2.0/SRPMS/krb5-1.3-6.12.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLTlEsmqjQ0CJFipgRAnCcAJ0b0JhMdewhYqHwbTvOjCC6nZsZ3wCdHcmw
Ac0nN6ORevU6+zoGxZNiXL4=
=dKt1
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed