Mandrake Linux Security Advisory : krb5 (MDKSA-2004:088)

high Nessus Plugin ID 14673

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers vulnerable. The MIT Kerberos 5 development team believes that exploitation of these bugs would be difficult and no known vulnerabilities are believed to exist. The vulnerability in krb524d was discovered by Marc Horowitz; the other double-free vulnerabilities were discovered by Will Fiveash and Nico Williams at Sun.

Will Fiveash and Nico Williams also found another vulnerability in the ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of Service) attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.

The MIT Kerberos 5 team has provided patches which have been applied to the updated software to fix these issues. Mandrakesoft encourages all users to upgrade immediately.

Solution

Update the affected packages.

See Also

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt

Plugin Details

Severity: High

ID: 14673

File Name: mandrake_MDKSA-2004-088.nasl

Version: 1.20

Type: local

Published: 9/7/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:telnet-server-krb5, p-cpe:/a:mandriva:linux:lib64krb51-devel, cpe:/o:mandrakesoft:mandrake_linux:9.1, p-cpe:/a:mandriva:linux:krb5-devel, p-cpe:/a:mandriva:linux:libkrb51-devel, cpe:/o:mandrakesoft:mandrake_linux:9.2, p-cpe:/a:mandriva:linux:ftp-client-krb5, p-cpe:/a:mandriva:linux:krb5-server, p-cpe:/a:mandriva:linux:ftp-server-krb5, p-cpe:/a:mandriva:linux:libkrb51, cpe:/o:mandrakesoft:mandrake_linux:10.0, p-cpe:/a:mandriva:linux:krb5-libs, p-cpe:/a:mandriva:linux:krb5-workstation, p-cpe:/a:mandriva:linux:lib64krb51, p-cpe:/a:mandriva:linux:telnet-client-krb5

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 8/31/2004

Reference Information

CVE: CVE-2004-0642, CVE-2004-0643, CVE-2004-0644, CVE-2004-0772

CWE: 119

CERT: 350792, 550464, 795632, 866472

MDKSA: 2004:088