Mandriva Linux Security Advisory 2011-025 - The MIT krb5 KDC database propagation daemon is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on From receiving database updates from the master KDC. The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. The updated packages have been patched to correct this issue.
5e22724c4dc283ee4ca3c1336f27444da0ddb0aad7ab32ac287c51831cc7e1b3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:025
https://www.mandriva.com/security/
_______________________________________________________________________
Package : krb5
Date : January 9, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in krb5:
The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to
a denial-of-service attack triggered by invalid network input. If a
kpropd worker process receives invalid input that causes it to exit
with an abnormal status, it can cause the termination of the listening
process that spawned it, preventing the slave KDC it was running on
From receiving database updates from the master KDC (CVE-2010-4022).
The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
to denial of service attacks from unauthenticated remote attackers
(CVE-2011-0281, CVE-2011-0282).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
4257cc617b96c71c95256eab33442bc2 2010.1/i586/krb5-1.8.1-5.3mdv2010.2.i586.rpm
025655b729ac32712c54f801849e93c2 2010.1/i586/krb5-pkinit-openssl-1.8.1-5.3mdv2010.2.i586.rpm
b690a8719f533a29ae7f92397b8c89fd 2010.1/i586/krb5-server-1.8.1-5.3mdv2010.2.i586.rpm
60cf99234bd79802947425404eb4493b 2010.1/i586/krb5-server-ldap-1.8.1-5.3mdv2010.2.i586.rpm
adab88a879966d2a0daf4d17bfd288fc 2010.1/i586/krb5-workstation-1.8.1-5.3mdv2010.2.i586.rpm
a481d252c831d40de9d7ccf00403105e 2010.1/i586/libkrb53-1.8.1-5.3mdv2010.2.i586.rpm
b031d51a205194decf50c5187e0d0e50 2010.1/i586/libkrb53-devel-1.8.1-5.3mdv2010.2.i586.rpm
a2e5bcabf3633d6f32c214b03f1252eb 2010.1/SRPMS/krb5-1.8.1-5.3mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
586ecee11e45dc3266f172a58169a945 2010.1/x86_64/krb5-1.8.1-5.3mdv2010.2.x86_64.rpm
d9418b6bfe4aff10c9de32d08a4cd4fc 2010.1/x86_64/krb5-pkinit-openssl-1.8.1-5.3mdv2010.2.x86_64.rpm
31a9d6629d25eea120fbd11853e25e0c 2010.1/x86_64/krb5-server-1.8.1-5.3mdv2010.2.x86_64.rpm
7fd34307e298b4f47970d3c77851ecdb 2010.1/x86_64/krb5-server-ldap-1.8.1-5.3mdv2010.2.x86_64.rpm
42552d1978fc6e66c3d7138da59b103d 2010.1/x86_64/krb5-workstation-1.8.1-5.3mdv2010.2.x86_64.rpm
362506d043aa087dcb743a0a3aa4f687 2010.1/x86_64/lib64krb53-1.8.1-5.3mdv2010.2.x86_64.rpm
f5f376d22fe98cdb7ec542c9a917873a 2010.1/x86_64/lib64krb53-devel-1.8.1-5.3mdv2010.2.x86_64.rpm
a2e5bcabf3633d6f32c214b03f1252eb 2010.1/SRPMS/krb5-1.8.1-5.3mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
9195a6f446623619ecca9433108b8ce2 mes5/i586/krb5-1.8.1-0.4mdvmes5.1.i586.rpm
d0de4724705b78ebaccdc0f1e332bdc0 mes5/i586/krb5-pkinit-openssl-1.8.1-0.4mdvmes5.1.i586.rpm
c573a00957ba2f5c9f813bf66d2639b6 mes5/i586/krb5-server-1.8.1-0.4mdvmes5.1.i586.rpm
d8e5bb51f39680e0e034864f3c7ab389 mes5/i586/krb5-server-ldap-1.8.1-0.4mdvmes5.1.i586.rpm
a6d37c289467daf9ec6be7386fd08804 mes5/i586/krb5-workstation-1.8.1-0.4mdvmes5.1.i586.rpm
5fe3268dc275b2255503b45b9dad1710 mes5/i586/libkrb53-1.8.1-0.4mdvmes5.1.i586.rpm
9fa6291f9bcf123e151743681c197e20 mes5/i586/libkrb53-devel-1.8.1-0.4mdvmes5.1.i586.rpm
f3636ce525a3743da670335fad739b4d mes5/SRPMS/krb5-1.8.1-0.4mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
e8f92b4b8d9e80929bc40df9398e7407 mes5/x86_64/krb5-1.8.1-0.4mdvmes5.1.x86_64.rpm
c7c9cc07256630ad3580ac8af6fd1731 mes5/x86_64/krb5-pkinit-openssl-1.8.1-0.4mdvmes5.1.x86_64.rpm
da836bd502a81c68e486a59e0dc59576 mes5/x86_64/krb5-server-1.8.1-0.4mdvmes5.1.x86_64.rpm
1b4f41d239d1e17b460711961a4be093 mes5/x86_64/krb5-server-ldap-1.8.1-0.4mdvmes5.1.x86_64.rpm
0f63908285e6aba326b1af6b40456385 mes5/x86_64/krb5-workstation-1.8.1-0.4mdvmes5.1.x86_64.rpm
a8d6ded793ecdfd542557a2ce625f212 mes5/x86_64/lib64krb53-1.8.1-0.4mdvmes5.1.x86_64.rpm
3ad9fe51b83ba903dd347aae73bd8e09 mes5/x86_64/lib64krb53-devel-1.8.1-0.4mdvmes5.1.x86_64.rpm
f3636ce525a3743da670335fad739b4d mes5/SRPMS/krb5-1.8.1-0.4mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNUp/qmqjQ0CJFipgRAg0nAJwO+ObUmGm8k1KR4skSGzTYl8SYCACeIiio
Qpo7J6nxtEPLAtCuOk53zwk=
=TsGk
-----END PGP SIGNATURE-----