exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-048

Mandriva Linux Security Advisory 2011-048
Posted Mar 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-048 - The MIT Kerberos 5 Key Distribution Center daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication capability is enabled, resulting in daemon crash or arbitrary code execution. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2011-0284
SHA-256 | 8f16e65acd90e46a20687b79671d9368ac8dab31b74ae57187de4029b78a1b7b

Mandriva Linux Security Advisory 2011-048

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:048
http://www.mandriva.com/security/
_______________________________________________________________________

Package : krb5
Date : March 18, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in krb5:

The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable
to a double-free condition if the Public Key Cryptography for Initial
Authentication (PKINIT) capability is enabled, resulting in daemon
crash or arbitrary code execution (which is believed to be difficult)
(CVE-2011-0284).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-003.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
89a5146c09e531a05db7839dedb0a339 2010.1/i586/krb5-1.8.1-5.4mdv2010.2.i586.rpm
a4fbd4e66104d0b025ca5af74042f21a 2010.1/i586/krb5-pkinit-openssl-1.8.1-5.4mdv2010.2.i586.rpm
52d37491abb6044371064e031e3f782c 2010.1/i586/krb5-server-1.8.1-5.4mdv2010.2.i586.rpm
6420550804a52d0cc7602b0d6ce43dd9 2010.1/i586/krb5-server-ldap-1.8.1-5.4mdv2010.2.i586.rpm
a272a19cb39e01caa81f076e98e77b18 2010.1/i586/krb5-workstation-1.8.1-5.4mdv2010.2.i586.rpm
9f1c62745a31910be6574d41b513fff9 2010.1/i586/libkrb53-1.8.1-5.4mdv2010.2.i586.rpm
d3f252a3ee7c998fb475e8c847568f64 2010.1/i586/libkrb53-devel-1.8.1-5.4mdv2010.2.i586.rpm
2148b8ff4cb03a84b7394a09ce8e374c 2010.1/SRPMS/krb5-1.8.1-5.4mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
5fb7896e15aabb6413b5a4a8eb389de2 2010.1/x86_64/krb5-1.8.1-5.4mdv2010.2.x86_64.rpm
87a70bdae97ff07485761ef2825f9af9 2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.4mdv2010.2.x86_64.rpm
8b533208a389cdc53ef1c7ae175441a7 2010.1/x86_64/krb5-server-1.8.1-5.4mdv2010.2.x86_64.rpm
bc1962507833f15e4dff3f02b3827caa 2010.1/x86_64/krb5-server-ldap-1.8.1-5.4mdv2010.2.x86_64.rpm
b1592aca21fa62525b3ee0d47eca9359 2010.1/x86_64/krb5-workstation-1.8.1-5.4mdv2010.2.x86_64.rpm
6007c476bbe0ed6b77157d01bc71fd56 2010.1/x86_64/lib64krb53-1.8.1-5.4mdv2010.2.x86_64.rpm
3855f3d0ab75f54ebf4dc05f42efed3c 2010.1/x86_64/lib64krb53-devel-1.8.1-5.4mdv2010.2.x86_64.rpm
2148b8ff4cb03a84b7394a09ce8e374c 2010.1/SRPMS/krb5-1.8.1-5.4mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
99f05c23d6049230037ab6fef72b61c2 mes5/i586/krb5-1.8.1-0.5mdvmes5.2.i586.rpm
23bdfb95ae19f56fc5e719cc1a480260 mes5/i586/krb5-pkinit-openssl-1.8.1-0.5mdvmes5.2.i586.rpm
848f15a20fa86057cfdbe2b60c095987 mes5/i586/krb5-server-1.8.1-0.5mdvmes5.2.i586.rpm
485c559ae048ba13e50950b3868a7946 mes5/i586/krb5-server-ldap-1.8.1-0.5mdvmes5.2.i586.rpm
534efaed5cc1a76d53277ac07d7759b4 mes5/i586/krb5-workstation-1.8.1-0.5mdvmes5.2.i586.rpm
93411c0c22cf9d0346b0d3bc8f032db4 mes5/i586/libkrb53-1.8.1-0.5mdvmes5.2.i586.rpm
b40b3bca351d0468893c30dc42174c4c mes5/i586/libkrb53-devel-1.8.1-0.5mdvmes5.2.i586.rpm
79c72436e944990111e6a801166c06b6 mes5/SRPMS/krb5-1.8.1-0.5mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
53eb81cf4d662f16fef45c6c89a48bbb mes5/x86_64/krb5-1.8.1-0.5mdvmes5.2.x86_64.rpm
ae27d729c6a9fd714aaed4ad3692d72d mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.5mdvmes5.2.x86_64.rpm
eff836f154bf1364b5b10be1c80e1373 mes5/x86_64/krb5-server-1.8.1-0.5mdvmes5.2.x86_64.rpm
f22c47a5a4127a1ebb6dcf4e3d8ae8b8 mes5/x86_64/krb5-server-ldap-1.8.1-0.5mdvmes5.2.x86_64.rpm
159e5d962bbb0614fcdeaebd3df3575e mes5/x86_64/krb5-workstation-1.8.1-0.5mdvmes5.2.x86_64.rpm
ad752198fef0ad908eb3e436dec68e82 mes5/x86_64/lib64krb53-1.8.1-0.5mdvmes5.2.x86_64.rpm
80d6aa2d81a91e36ba81725e511b850c mes5/x86_64/lib64krb53-devel-1.8.1-0.5mdvmes5.2.x86_64.rpm
79c72436e944990111e6a801166c06b6 mes5/SRPMS/krb5-1.8.1-0.5mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNgy93mqjQ0CJFipgRAuaiAJ4tzw4dzc/pVOQ9wiQk05dQucvgyQCg2FuS
tK2qBOyw887nWs3Nc/dGDSc=
=Zn18
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close