Mandrake Linux Security Advisory : krb5 (MDKSA-2004:088)

High Nessus Plugin ID 14673

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers vulnerable. The MIT Kerberos 5 development team believes that exploitation of these bugs would be difficult and no known vulnerabilities are believed to exist. The vulnerability in krb524d was discovered by Marc Horowitz; the other double-free vulnerabilities were discovered by Will Fiveash and Nico Williams at Sun.

Will Fiveash and Nico Williams also found another vulnerability in the ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of Service) attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.

The MIT Kerberos 5 team has provided patches which have been applied to the updated software to fix these issues. Mandrakesoft encourages all users to upgrade immediately.

Solution

Update the affected packages.

See Also

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt

Plugin Details

Severity: High

ID: 14673

File Name: mandrake_MDKSA-2004-088.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2004/09/07

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ftp-client-krb5, p-cpe:/a:mandriva:linux:ftp-server-krb5, p-cpe:/a:mandriva:linux:krb5-devel, p-cpe:/a:mandriva:linux:krb5-libs, p-cpe:/a:mandriva:linux:krb5-server, p-cpe:/a:mandriva:linux:krb5-workstation, p-cpe:/a:mandriva:linux:lib64krb51, p-cpe:/a:mandriva:linux:lib64krb51-devel, p-cpe:/a:mandriva:linux:libkrb51, p-cpe:/a:mandriva:linux:libkrb51-devel, p-cpe:/a:mandriva:linux:telnet-client-krb5, p-cpe:/a:mandriva:linux:telnet-server-krb5, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:9.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/08/31

Reference Information

CVE: CVE-2004-0642, CVE-2004-0643, CVE-2004-0644, CVE-2004-0772

CERT: 350792, 550464, 795632, 866472

MDKSA: 2004:088

CWE: 119