RHEL 5 : krb5 (RHSA-2012:0306)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated krb5 packages that fix one security issue and various bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

It was found that ftpd, a Kerberos-aware FTP server, did not properly
drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did
not check for the potential failure of the effective group ID change
system call. If the group ID change failed, a remote FTP user could
use this flaw to gain unauthorized read or write access to files that
are owned by the root group. (CVE-2011-1526)
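The flaw class described above, an unchecked failure of the effective group ID change, shown beside a fail-closed form. This is an added example, not code from krb5 ftpd or from the advisory; the function names, the injectable `setegid_fn` parameter and the simulated failure are assumptions made so the failure path can be exercised without privileges.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* declares setegid() under strict -std modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Signature of setegid(); injectable so a failure can be simulated. */
typedef int (*setegid_fn)(gid_t);

/* Constructed stand-in for a setegid() call that the kernel refuses. */
int failing_setegid(gid_t gid) { (void)gid; errno = EPERM; return -1; }

/* Flawed pattern: the result of the group change is ignored, so the
 * caller carries on with whatever effective GID it had before. */
int switch_group_unchecked(gid_t target, setegid_fn set_egid)
{
    set_egid(target);
    return 0;                       /* reports success unconditionally */
}

/* Hardened pattern: fail closed on error, then confirm the new state. */
int switch_group_checked(gid_t target, setegid_fn set_egid)
{
    if (set_egid(target) != 0)
        return -1;                  /* caller must abort the session */
    if (getegid() != target)
        return -1;                  /* call returned 0 but state is wrong */
    return 0;
}

int main(void)
{
    gid_t other = getegid() + 1;    /* constructed: a GID we do not hold */

    int u = switch_group_unchecked(other, failing_setegid);
    printf("unchecked: rc=%d, egid is target: %s\n", u,
           getegid() == other ? "yes" : "no");

    int c = switch_group_checked(other, failing_setegid);
    printf("checked:   rc=%d (session refused)\n", c);

    /* Switching to the GID already held always succeeds. */
    printf("checked, real setegid: rc=%d\n",
           switch_group_checked(getegid(), setegid));
    return c == -1 ? 0 : 1;
}
```

The same check applies to every call in a privilege-drop sequence (group list, GID, then UID); a daemon that cannot confirm the change should end the session rather than continue.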

Red Hat would like to thank the MIT Kerberos project for reporting
this issue. Upstream acknowledges Tim Zingelman as the original
reporter.

This update also fixes the following bugs :

* Due to a mistake in the Kerberos libraries, a client could fail to
contact a Key Distribution Center (KDC) or terminate unexpectedly if
the client already had more than 1024 file descriptors in use. This
update backports modifications to the Kerberos libraries so that they
use the poll() function instead of the select() function, as poll()
does not have this limitation. (BZ#701444)

* The KDC failed to release memory when processing a TGS
(ticket-granting server) request from a client if the client request
included an authenticator with a subkey. As a result, the KDC consumed
an excessive amount of memory. With this update, the code releasing
the memory has been added and the problem no longer occurs.
(BZ#708516)

* Under certain circumstances, if services requiring Kerberos
authentication sent two authentication requests to the authenticating
server, the second authentication request was flagged as a replay
attack. As a result, the second authentication attempt was denied.
This update applies an upstream patch that fixes this bug. (BZ#713500)

* Previously, if Kerberos credentials had expired, the klist command
could terminate unexpectedly with a segmentation fault when invoked
with the -s option. This happened when klist encountered and failed to
process an entry with no realm name while scanning the credential
cache. With this update, the underlying code has been modified and the
command handles such entries correctly. (BZ#729067)

* Due to a regression, multi-line FTP macros terminated prematurely
with a segmentation fault. This occurred because the previously-added
patch failed to properly support multi-line macros. This update
restores the support for multi-line macros and the problem no longer
occurs. (BZ#735363, BZ#736132)

All users of krb5 are advised to upgrade to these updated packages,
which resolve these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2011-1526.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-005.txt
http://rhn.redhat.com/errata/RHSA-2012-0306.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 58060

Bugtraq ID: 48571

CVE ID: CVE-2011-1526