Looks bad, please read. I don't think Debian has an update out yet for krb5. I'm guessing they will before we start really migrating users, but if not we'll have to patch ourselves.
-ntk

> From: US-CERT Technical Alerts [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 03, 2007 7:57 PM
> To: [EMAIL PROTECTED]
> Subject: US-CERT Technical Cyber Security Alert TA07-093B -- MIT
> Kerberos Vulnerabilities
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> National Cyber Alert System
>
> Technical Cyber Security Alert TA07-093B
>
> MIT Kerberos Vulnerabilities
>
> Original release date: April 03, 2007
> Last revised: --
> Source: US-CERT
>
> Systems Affected
>
> * MIT Kerberos
>
> Other products based on the GSS-API or the RPC libraries provided
> with MIT Kerberos may also be affected.
>
> Overview
>
> The MIT Kerberos 5 implementation contains several vulnerabilities.
> One of these vulnerabilities (VU#220816) could allow a remote,
> unauthenticated attacker to log in via telnet (23/tcp) with
> elevated privileges. The other vulnerabilities (VU#704024,
> VU#419344) could allow a remote, authenticated attacker to execute
> arbitrary code on a Key Distribution Center (KDC).
>
> I. Description
>
> There are three vulnerabilities that affect MIT Kerberos 5:
>
> * VU#220816 - MIT Kerberos 5 telnet daemon allows login as
> arbitrary user
>
> The telnet daemon included with the MIT Kerberos administration
> daemon contains a vulnerability that may allow a remote,
> unauthorized user to log on to the system with elevated
> privileges.
>
> * VU#704024 - MIT Kerberos 5 administration daemon stack overflow
> in krb5_klog_syslog()
>
> The MIT Kerberos administration daemon contains a vulnerability
> in the way the krb5_klog_syslog() function handles specially
> crafted strings that may allow a remote, authenticated attacker
> to execute arbitrary code. Other server applications that call
> krb5_klog_syslog() may also be affected. This vulnerability can
> be triggered by sending a specially crafted Kerberos message to a
> vulnerable system.
>
> * VU#419344 - MIT Kerberos 5 GSS-API library double-free
> vulnerability
>
> A vulnerability exists in the way that the GSS-API library
> provided with MIT krb5 handles messages with an invalid direction
> encoding, resulting in a double free which may allow a remote,
> authenticated attacker to execute arbitrary code. Other server
> applications that utilize the RPC library or the GSS-API library
> provided with MIT Kerberos may also be affected. This
> vulnerability can be triggered by sending a specially crafted
> Kerberos message to a vulnerable system.
>
> II. Impact
>
> In the case of VU#220816 a remote attacker could log on to the
> system via telnet and gain elevated privileges.
>
> In the case of VU#704024 and VU#419344, a remote, authenticated
> attacker may be able to execute arbitrary code on KDCs, systems
> running kadmind, and application servers that use the RPC or
> GSS-API libraries. An attacker could also cause a denial of service
> on any of these systems. As a secondary impact, either one of these
> vulnerabilities could result in the compromise of both the KDC and
> an entire Kerberos realm.
>
> III. Solution
>
> Check with your vendors for patches or updates. For information
> about a vendor, please see the systems affected section in the
> individual vulnerability notes or contact your vendor directly.
>
> Alternatively, apply the appropriate source code patches referenced
> in MITKRB5-SA-2007-001, MITKRB5-SA-2007-002, and
> MITKRB5-SA-2007-003 and recompile.
>
> These vulnerabilities will also be addressed in krb5-1.6.1.
>
> IV. References
>
> * US-CERT Vulnerability Note VU#220816 -
> <http://www.kb.cert.org/vuls/id/220816>
>
> * US-CERT Vulnerability Note VU#704024 -
> <http://www.kb.cert.org/vuls/id/704024>
>
> * US-CERT Vulnerability Note VU#419344 -
> <http://www.kb.cert.org/vuls/id/419344>
>
> * MIT krb5 Security Advisory 2007-001 -
> <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt>
>
> * MIT krb5 Security Advisory 2007-002 -
> <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt>
>
> * MIT krb5 Security Advisory 2007-003 -
> <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt>
>
> ____________________________________________________________________
>
> The most recent version of this document can be found at:
>
> <http://www.us-cert.gov/cas/techalerts/TA07-093B.html>
> ____________________________________________________________________
>
> Feedback can be directed to US-CERT Technical Staff. Please send
> email to <[EMAIL PROTECTED]> with "TA07-093B Feedback VU#202816" in the
> subject.
> ____________________________________________________________________
>
> For instructions on subscribing to or unsubscribing from this
> mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
> ____________________________________________________________________
>
> Produced 2007 by US-CERT, a government organization.
>
> Terms of use:
>
> <http://www.us-cert.gov/legal.html>
> ____________________________________________________________________
>
> Revision History
>
> April 03, 2007: Initial release

_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
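A quick host triage check in the spirit of the alert's Solution section, added here as an example (it is not from the US-CERT alert or from the HCoop thread): it parses `krb5-config --version` style output to decide whether the installed release predates 1.6.1, the upstream release the alert names as fixing all three notes, and whether an inetd-style telnet service line is still enabled (VU#220816 lives in telnetd). The sample banner and inetd fragment are constructed; Debian's own fixed package version is not given on this page, so only the upstream 1.6.1 number is used.

```shell
#!/bin/sh
# Added example, not the alert's or the list's own code. Triage helper for
# hosts running MIT Kerberos: flags releases older than 1.6.1 (fix release
# per TA07-093B) and telnet lines still active in an inetd.conf fragment.

# Return 0 if dotted numeric version $1 sorts before $2 (e.g. 1.4.4 < 1.6.1).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing component counts as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                              # equal versions are not "less"
    }'
}

# Pull the release number out of a "Kerberos 5 release X.Y.Z" banner.
krb5_release_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Kerberos 5 release \([0-9][0-9.]*\).*/\1/p'
}

# 0 = predates 1.6.1 (patch needed), 1 = 1.6.1 or later, 2 = banner unparsable.
krb5_needs_patch() {
    rel=$(krb5_release_from_banner "$1")
    [ -n "$rel" ] || return 2
    version_lt "$rel" "1.6.1"
}

# Return 0 if the inetd.conf text in $1 has an uncommented telnet service line.
telnet_enabled_in_inetd() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*telnet[[:space:]]'
}

# Constructed sample input standing in for `krb5-config --version` and inetd.conf.
SAMPLE_BANNER="Kerberos 5 release 1.4.4"
SAMPLE_INETD="#telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
telnet  stream tcp nowait root /usr/sbin/tcpd /usr/sbin/telnetd"

triage() {
    if krb5_needs_patch "$SAMPLE_BANNER"; then
        echo "krb5 $(krb5_release_from_banner "$SAMPLE_BANNER") predates 1.6.1: apply vendor update or MIT patches"
    fi
    if telnet_enabled_in_inetd "$SAMPLE_INETD"; then
        echo "telnet still enabled in inetd: VU#220816 exposure until patched"
    fi
}
```

Replace the constructed samples with `krb5-config --version` output and the real `/etc/inetd.conf` to run it against a live host.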
