Gentoo Archives: gentoo-announce

From: Robert Buchholz <rbu@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200904-09 ] MIT Kerberos 5: Multiple vulnerabilities
Date: Wed, 08 Apr 2009 22:48:32
Message-Id: 200904090046.17966.rbu@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200904-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Multiple vulnerabilities
      Date: April 08, 2009
      Bugs: #262736, #263398
        ID: 200904-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in MIT Kerberos 5 might allow remote
unauthenticated users to execute arbitrary code with root privileges.

Background
==========

MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol. kadmind is the MIT Kerberos 5 administration daemon,
KDC is the Key Distribution Center.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-crypt/mit-krb5      < 1.6.3-r6                    >= 1.6.3-r6

Description
===========

Multiple vulnerabilities have been reported in MIT Kerberos 5:

* A free() call on an uninitialized pointer in the ASN.1 decoder when
  decoding an invalid encoding (CVE-2009-0846).

* A buffer overread in the SPNEGO GSS-API application, reported by
  Apple Product Security (CVE-2009-0844).

* A NULL pointer dereference in the SPNEGO GSS-API application,
  reported by Richard Evans (CVE-2009-0845).

* An incorrect length check inside an ASN.1 decoder leading to
  spurious malloc() failures (CVE-2009-0847).

Impact
======

A remote unauthenticated attacker could exploit the first vulnerability
to cause a Denial of Service or, in unlikely circumstances, execute
arbitrary code on the host running krb5kdc or kadmind with root
privileges and compromise the Kerberos key database. Exploitation of
the other vulnerabilities might lead to a Denial of Service in kadmind,
krb5kdc, or other daemons performing authorization against Kerberos
that utilize GSS-API, or to an information disclosure.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MIT Kerberos 5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r6"

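An added example (not part of the original advisory and not Portage's
own code): a simplified Python check of installed versions against the
fixed version 1.6.3-r6 from the "Affected packages" table. It assumes
dotted numeric versions with an optional -rN revision and rejects any
other form; the inventory strings are constructed.

```python
import re

# Package and fixed version from the advisory's "Affected packages" table.
PACKAGE = "app-crypt/mit-krb5"
FIXED = "1.6.3-r6"

# Simplified grammar (assumption): dotted numbers plus optional -rN revision.
# Suffixes such as _p1 or _rc2 and letter versions are rejected, not guessed.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(version):
    """Return ((major, minor, ...), revision) for a supported version string."""
    match = _VERSION.match(version)
    if match is None:
        raise ValueError(f"unsupported version format: {version!r}")
    parts = match.group(1).split(".")
    # Components after the first that start with '0' follow a different
    # comparison rule in Gentoo's version ordering; refuse them here.
    if any(len(p) > 1 and p.startswith("0") for p in parts[1:]):
        raise ValueError(f"unsupported leading zero in: {version!r}")
    return tuple(int(p) for p in parts), int(match.group(2) or 0)


def is_vulnerable(version, fixed=FIXED):
    """True when version sorts below the fixed version (a missing -rN is r0)."""
    return parse_version(version) < parse_version(fixed)


def audit(installed):
    """Map each 'category/package-version' entry for PACKAGE to its status."""
    report = {}
    prefix = PACKAGE + "-"
    for entry in installed:
        rest = entry[len(prefix):]
        # Skip other packages, including ones whose name extends PACKAGE.
        if entry.startswith(prefix) and rest[:1].isdigit():
            report[entry] = is_vulnerable(rest)
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not output from a real host.
    sample = ["app-crypt/mit-krb5-1.6.3-r5", "app-crypt/mit-krb5-1.6.3-r6",
              "app-crypt/mit-krb5-1.6.10", "sys-apps/example-1.0"]
    for entry, vulnerable in audit(sample).items():
        print(f"{entry}: {'VULNERABLE, upgrade' if vulnerable else 'ok'}")
```
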
References
==========

  [ 1 ] CVE-2009-0844
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844
  [ 2 ] CVE-2009-0845
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845
  [ 3 ] CVE-2009-0846
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846
  [ 4 ] CVE-2009-0847
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200904-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature