AusCERT - AU-2007.0020 -- AusCERT Update - [RedHat] - Important: corrected krb5 security update

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
AU-2007.0020 -- AusCERT Update - [RedHat] - Important: corrected krb5 security update
Date: 10 September 2007
References: ESB-2007.0670 AU-2007.0019

Click here for printable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2007.0020 - [RedHat]
Important: corrected krb5 security update
10 September 2007

        AusCERT Update Summary
        ----------------------

Product:              krb5-server (Kerberos)
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux AS/ES/WS 5
Impact:               Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-4743 CVE-2007-3999

Ref:                  ESB-2007.0670
                      AU-2007.0019

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0892.html

Comment: The previous Red Hat update for krb5 introduced a new overflow
         vulnerability that allows denial of service. This new update
         replaces the previous one and addresses this problem.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update
Advisory ID:       RHSA-2007:0892-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0892.html
Issue date:        2007-09-07
Updated on:        2007-09-07
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4743 
- - ---------------------------------------------------------------------

1. Summary:

Updated krb5 packages that correct a security flaw are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.  kadmind is the KADM5 administration
server.

The MIT Kerberos Team discovered a problem with the originally published
patch for svc_auth_gss.c (CVE-2007-3999).  A remote unauthenticated
attacker who can access kadmind could trigger this flaw and cause kadmind
to crash.  On Red Hat Enterprise Linux 5 it is not possible to exploit this
flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE.
(CVE-2007-4743)

This issue did not affect the versions of Kerberos distributed with Red
Hat Enterprise Linux 2.1, 3, or 4.

Users of krb5-server are advised to update to these erratum packages which
contain a corrected backported fix for this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

281561 - CVE-2007-4743 krb5 incomplete fix for CVE-2007-3999

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.5-29.src.rpm
825ddbdc5d0d34099fc4ad64d36f4319  krb5-1.5-29.src.rpm

i386:
49c6bed26fe92556ea56746ef315eb4a  krb5-debuginfo-1.5-29.i386.rpm
00fd7d19bdfb7206bc203e7320250761  krb5-libs-1.5-29.i386.rpm
3ef36114368f3cbd86e062c07271948c  krb5-workstation-1.5-29.i386.rpm

x86_64:
49c6bed26fe92556ea56746ef315eb4a  krb5-debuginfo-1.5-29.i386.rpm
1faafca4b40f16e908c61dcdc3d790ab  krb5-debuginfo-1.5-29.x86_64.rpm
00fd7d19bdfb7206bc203e7320250761  krb5-libs-1.5-29.i386.rpm
c164118f540ee1bac62d882fe9dec19f  krb5-libs-1.5-29.x86_64.rpm
de907c36f79439aaa445ae73c5582fce  krb5-workstation-1.5-29.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/krb5-1.5-29.src.rpm
825ddbdc5d0d34099fc4ad64d36f4319  krb5-1.5-29.src.rpm

i386:
49c6bed26fe92556ea56746ef315eb4a  krb5-debuginfo-1.5-29.i386.rpm
bf248e6abade39c2ecaa8243566b6cc7  krb5-devel-1.5-29.i386.rpm
d5218610f15e702055e6cb3bc34397dc  krb5-server-1.5-29.i386.rpm

x86_64:
49c6bed26fe92556ea56746ef315eb4a  krb5-debuginfo-1.5-29.i386.rpm
1faafca4b40f16e908c61dcdc3d790ab  krb5-debuginfo-1.5-29.x86_64.rpm
bf248e6abade39c2ecaa8243566b6cc7  krb5-devel-1.5-29.i386.rpm
891392dc7551dc50ea8dc2b5f2bca601  krb5-devel-1.5-29.x86_64.rpm
e4fff97ed9a00cb8771a58292bb48f06  krb5-server-1.5-29.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/krb5-1.5-29.src.rpm
825ddbdc5d0d34099fc4ad64d36f4319  krb5-1.5-29.src.rpm

i386:
49c6bed26fe92556ea56746ef315eb4a  krb5-debuginfo-1.5-29.i386.rpm
bf248e6abade39c2ecaa8243566b6cc7  krb5-devel-1.5-29.i386.rpm
00fd7d19bdfb7206bc203e7320250761  krb5-libs-1.5-29.i386.rpm
d5218610f15e702055e6cb3bc34397dc  krb5-server-1.5-29.i386.rpm
3ef36114368f3cbd86e062c07271948c  krb5-workstation-1.5-29.i386.rpm

ia64:
49c6bed26fe92556ea56746ef315eb4a  krb5-debuginfo-1.5-29.i386.rpm
9d9511b38b21062bf111b31b107ec5e1  krb5-debuginfo-1.5-29.ia64.rpm
30bf7d79eddef0731ba4e24cf5b8c741  krb5-devel-1.5-29.ia64.rpm
00fd7d19bdfb7206bc203e7320250761  krb5-libs-1.5-29.i386.rpm
af876b898ae7ac055ec340fa7356a9e0  krb5-libs-1.5-29.ia64.rpm
a725ad3b4aa57a14759bb0970433180e  krb5-server-1.5-29.ia64.rpm
887a69b951556747567a5dc626a13ecf  krb5-workstation-1.5-29.ia64.rpm

ppc:
34840ec80856925d05d1709c6b7a9057  krb5-debuginfo-1.5-29.ppc.rpm
aae4c19acb133fa168a3b6fe109ae65b  krb5-debuginfo-1.5-29.ppc64.rpm
4165e2b7aa9153668a199781ecba6d19  krb5-devel-1.5-29.ppc.rpm
cfca3e64c19bae40f0ecab452649ec31  krb5-devel-1.5-29.ppc64.rpm
f366aa3cec08f584c88767cfa6612206  krb5-libs-1.5-29.ppc.rpm
851aef665207ae0ad32ef7b0532aad7d  krb5-libs-1.5-29.ppc64.rpm
27f30dfe5a9759a9a4358c3b04f038f5  krb5-server-1.5-29.ppc.rpm
da64453a2cd7040eb79a967a1f633b47  krb5-workstation-1.5-29.ppc.rpm

s390x:
c3c6509037d412fba7591f5c58981964  krb5-debuginfo-1.5-29.s390.rpm
59efad893592df25629631142465b895  krb5-debuginfo-1.5-29.s390x.rpm
ef30b93ebdb3be79c2967195fc05857a  krb5-devel-1.5-29.s390.rpm
6cbf3138061196eae451d90333f5dc1b  krb5-devel-1.5-29.s390x.rpm
f0c64ed436eb6af72084e148eaf07a1c  krb5-libs-1.5-29.s390.rpm
5218436ecb5a97de43f96585e76d3776  krb5-libs-1.5-29.s390x.rpm
d53dfdf1222dc096a228a73a49e3a361  krb5-server-1.5-29.s390x.rpm
14e97979433df3744f68e4f0058f482a  krb5-workstation-1.5-29.s390x.rpm

x86_64:
49c6bed26fe92556ea56746ef315eb4a  krb5-debuginfo-1.5-29.i386.rpm
1faafca4b40f16e908c61dcdc3d790ab  krb5-debuginfo-1.5-29.x86_64.rpm
bf248e6abade39c2ecaa8243566b6cc7  krb5-devel-1.5-29.i386.rpm
891392dc7551dc50ea8dc2b5f2bca601  krb5-devel-1.5-29.x86_64.rpm
00fd7d19bdfb7206bc203e7320250761  krb5-libs-1.5-29.i386.rpm
c164118f540ee1bac62d882fe9dec19f  krb5-libs-1.5-29.x86_64.rpm
e4fff97ed9a00cb8771a58292bb48f06  krb5-server-1.5-29.x86_64.rpm
de907c36f79439aaa445ae73c5582fce  krb5-workstation-1.5-29.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFG4UU6XlSAg2UNWIIRAhO5AKC7gHkdSG9rUATXMsypIS3efUMYrwCfWc19
azayK7ZGnL2IH4aBxeXFmHI=
=HtRq
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRuSlWih9+71yA2DNAQKdVwP+P1P7mljOb1RfwDg7ITtdpKQivv3Qvomk
K78gBTd8IvJMouHI+ufD6C9dnBGaY3vu4JhPBZYnEYJ7lXpaAmhVL1zk1TNaxaq1
8UX5kV3104g74foxh/2y9ukSg565uQj1CJucLsvPXuvsjK9ma+iwzSgLvh+usmie
Eg96TM8B/uQ=
=cvlu
-----END PGP SIGNATURE-----