copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2016.0759 - [RedHat] krb5: Multiple vulnerabilities

Date: 23 March 2016
References: ESB-2016.0299  ASB-2016.0017  ESB-2016.0837  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0759
                      Moderate: krb5 security update
                               23 March 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           krb5
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-8631 CVE-2015-8629 

Reference:         ASB-2016.0017
                   ESB-2016.0299

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2016-0493.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: krb5 security update
Advisory ID:       RHSA-2016:0493-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0493.html
Issue date:        2016-03-22
CVE Names:         CVE-2015-8629 CVE-2015-8631 
=====================================================================

1. Summary:

Updated krb5 packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kerberos is a networked authentication system which allows clients and
servers to authenticate to each other with the help of a trusted third
party, the Kerberos KDC.

A memory leak flaw was found in the krb5_unparse_name() function of the MIT
Kerberos kadmind service. An authenticated attacker could repeatedly send
specially crafted requests to the server, which could cause the server to
consume large amounts of memory resources, ultimately leading to a denial
of service due to memory exhaustion. (CVE-2015-8631)

An out-of-bounds read flaw was found in the kadmind service of MIT
Kerberos. An authenticated attacker could send a maliciously crafted
message to force kadmind to read beyond the end of allocated memory, and
write the memory contents to the KDC database if the attacker has write
permission, leading to information disclosure. (CVE-2015-8629)

The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, running Kerberos services (krb5kdc, kadmin, and kprop)
will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1302617 - CVE-2015-8629 krb5: xdr_nullstring() doesn't check for terminating null character
1302642 - CVE-2015-8631 krb5: Memory leak caused by supplying a null principal name in request

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
krb5-1.10.3-42z1.el6_7.src.rpm

i386:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686.rpm
krb5-workstation-1.10.3-42z1.el6_7.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-server-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
krb5-1.10.3-42z1.el6_7.src.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
krb5-1.10.3-42z1.el6_7.src.rpm

i386:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686.rpm
krb5-server-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-workstation-1.10.3-42z1.el6_7.i686.rpm

ppc64:
krb5-debuginfo-1.10.3-42z1.el6_7.ppc.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.ppc64.rpm
krb5-devel-1.10.3-42z1.el6_7.ppc.rpm
krb5-devel-1.10.3-42z1.el6_7.ppc64.rpm
krb5-libs-1.10.3-42z1.el6_7.ppc.rpm
krb5-libs-1.10.3-42z1.el6_7.ppc64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.ppc64.rpm
krb5-server-1.10.3-42z1.el6_7.ppc64.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.ppc.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.ppc64.rpm
krb5-workstation-1.10.3-42z1.el6_7.ppc64.rpm

s390x:
krb5-debuginfo-1.10.3-42z1.el6_7.s390.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.s390x.rpm
krb5-devel-1.10.3-42z1.el6_7.s390.rpm
krb5-devel-1.10.3-42z1.el6_7.s390x.rpm
krb5-libs-1.10.3-42z1.el6_7.s390.rpm
krb5-libs-1.10.3-42z1.el6_7.s390x.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.s390x.rpm
krb5-server-1.10.3-42z1.el6_7.s390x.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.s390.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.s390x.rpm
krb5-workstation-1.10.3-42z1.el6_7.s390x.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
krb5-1.10.3-42z1.el6_7.src.rpm

i386:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.i686.rpm
krb5-server-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-workstation-1.10.3-42z1.el6_7.i686.rpm

x86_64:
krb5-debuginfo-1.10.3-42z1.el6_7.i686.rpm
krb5-debuginfo-1.10.3-42z1.el6_7.x86_64.rpm
krb5-devel-1.10.3-42z1.el6_7.i686.rpm
krb5-devel-1.10.3-42z1.el6_7.x86_64.rpm
krb5-libs-1.10.3-42z1.el6_7.i686.rpm
krb5-libs-1.10.3-42z1.el6_7.x86_64.rpm
krb5-pkinit-openssl-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-1.10.3-42z1.el6_7.x86_64.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.i686.rpm
krb5-server-ldap-1.10.3-42z1.el6_7.x86_64.rpm
krb5-workstation-1.10.3-42z1.el6_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8629
https://access.redhat.com/security/cve/CVE-2015-8631
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFW8biuXlSAg2UNWIIRAqANAJ9isYlOZU2KEHrFlUiObFIZ/XBxNACdGV8O
ioClPmNh8+o8ZSOXMkaB8vs=
=+IYW
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVvHiL36ZAP0PgtI9AQIoNA//f1rmBd4d5COBGSMPMgrYJK+QyXx/prjk
YQ1qz3rpYhocWqFykCmrZzUwBH2RUPg9cUJoGkv3/fCM/RZwjem7ET5pqc/+7NSK
aZ2lLd5rLYJ2KBknoShryiqe7RtCHAsXXmw3NTOp9YlxMjDflzVqEmJRGlrW964Q
qq07C2ABvO2lR2Xx13eagzD3LMp+EtU/LdWqytOWHkK5PEffrdNQYG6Cd8nszZwS
kS8CU6iQPqP2mmKHM1yvzFUbcIzYbZES35w77lC6lixPIF1feZHjIQyGewjCf9Lt
vwTxN47hYR7KOebSCrwMbuQrUURzN+HErQKYIaNF2x9IOg3xfFz2FxxG0UDo7k0V
xBDss9knMQAudb9EB4qqBcrwHkXuS6UCjXCslMe4X29cuM5Tc1H39Fg/R7F4Dmzt
+mTqTm3+rG3KRmqB7h0Uab3tStcy33QCzjKCHF5G5YiGAPCh5Uh7nbGlYWwrG5Z5
+bsPX4dizPdgl/ors9CEfa1lq4OhR0a6+Jdooa3TNMckyydPtOUxL3ALEgV5DY8W
V2ioA1H8ocwGsGfw/JqaB15lZ5BYba6spt3APFPZmZcpUltpGG/TqV2kw5/OPfNb
LR6pEwZKgGYN6wpN6/Gk97/hqfQGiMl2itFKAEMPXL+nfceP4cKvdnGQ9sutrMym
zxZIKvlAFSc=
=GfPv
-----END PGP SIGNATURE-----