Gentoo Archives: gentoo-announce

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200507-11 ] MIT Kerberos 5: Multiple vulnerabilities
Date: Tue, 12 Jul 2005 19:30:28
Message-Id: 200507122108.36734.jaervosz@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200507-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: MIT Kerberos 5: Multiple vulnerabilities
      Date: July 12, 2005
      Bugs: #98799
        ID: 200507-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote
execution of arbitrary code, possibly leading to the compromise of the
entire Kerberos realm.

Background
==========

MIT Kerberos 5 is the free implementation of the Kerberos network
authentication protocol by the Massachusetts Institute of Technology.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-crypt/mit-krb5       < 1.4.1-r1                   >= 1.4.1-r1

Description
===========

Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap
by freeing unallocated memory when receiving a special TCP request
(CAN-2005-1174). He also discovered that the same request could lead to
a single-byte heap overflow (CAN-2005-1175). Magnus Hagander discovered
that the krb5_recvauth() function of MIT Kerberos 5 might try to
double-free memory (CAN-2005-1689).

Impact
======

Although exploitation is considered difficult, a remote attacker could
exploit the single-byte heap overflow and the double-free vulnerability
to execute arbitrary code, which could lead to the compromise of the
whole Kerberos realm. A remote attacker could also use the heap
corruption to cause a Denial of Service.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All MIT Kerberos 5 users should upgrade to the latest available
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.4.1-r1"
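
A defender-side check for the Affected packages table above, added here as an example and not part of the advisory: it orders Gentoo versions of the simple "X.Y.Z[-rN]" shape and flags every host whose app-crypt/mit-krb5 is still below 1.4.1-r1. The inventory format (one "category/pkg-version" atom per installed package) and the host names are constructed assumptions; versions with suffixes such as _p1 are rejected rather than guessed at.

```python
"""Added example (not part of the GLSA): check installed mit-krb5 versions
against the advisory's affected range, app-crypt/mit-krb5 < 1.4.1-r1."""
import re
from typing import Dict, List, Tuple

PACKAGE = "app-crypt/mit-krb5"
UNAFFECTED_MIN = "1.4.1-r1"  # boundary from the advisory's Affected packages table

# Simplified Gentoo version: dotted integers plus an optional -rN revision.
_VER_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(ver: str) -> Tuple[Tuple[int, ...], int]:
    """Turn 'X.Y.Z[-rN]' into a key that orders like Gentoo does for these
    shapes: 1.4 < 1.4.1 < 1.4.1-r1. A missing -rN counts as revision 0.
    Suffixes such as _p1 or _rc1 are rejected rather than guessed at, so the
    check can never silently report 'unaffected' for an unparsed string."""
    m = _VER_RE.match(ver)
    if not m:
        raise ValueError(f"unsupported version string: {ver!r}")
    return tuple(int(x) for x in m.group(1).split(".")), int(m.group(2) or 0)


def is_vulnerable(installed: str) -> bool:
    """True when installed < 1.4.1-r1, i.e. inside the advisory's range."""
    return parse_version(installed) < parse_version(UNAFFECTED_MIN)


def vulnerable_hosts(inventory: Dict[str, List[str]]) -> Dict[str, str]:
    """Map host -> installed mit-krb5 version for every host in the affected
    range. Inventory values are 'category/pkg-version' atoms (assumed format);
    atoms for other packages are ignored."""
    hits: Dict[str, str] = {}
    prefix = PACKAGE + "-"
    for host, atoms in inventory.items():
        for atom in atoms:
            if atom.startswith(prefix) and is_vulnerable(atom[len(prefix):]):
                hits[host] = atom[len(prefix):]
    return hits


# Constructed sample inventory for three hosts (not real data).
SAMPLE_INVENTORY = {
    "kdc1": ["app-crypt/mit-krb5-1.4.1", "sys-apps/portage-2.0.51"],
    "kdc2": ["app-crypt/mit-krb5-1.4.1-r1"],
    "app01": ["app-crypt/mit-krb5-1.3.6-r2", "net-misc/openssh-4.1_p1"],
}

if __name__ == "__main__":
    for host, ver in sorted(vulnerable_hosts(SAMPLE_INVENTORY).items()):
        print(f"{host}: {PACKAGE}-{ver} is < {UNAFFECTED_MIN}, upgrade required")
```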

References
==========

  [ 1 ] CAN-2005-1174
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174
  [ 2 ] CAN-2005-1175
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175
  [ 3 ] CAN-2005-1689
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689
  [ 4 ] MITKRB5-SA-2005-002
        http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt
  [ 5 ] MITKRB5-SA-2005-003
        http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0