-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-24
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original release date: 04 Apr 2007
 Last revised: 04 Apr 2007

 Package: krb5

 Summary: Three vulnerabilities discovered in krb5

 More information:
    Kerberos V5 is a trusted-third-party network authentication system,
    which can improve your network's security by eliminating the insecure
    practice of cleartext passwords.

    - The MIT krb5 telnet daemon (krb5-telnet) allows unauthorized login as an
      arbitrary user, when presented with a specially crafted username.
      Exploitation of this vulnerability is trivial.
    - The library function krb5_klog_syslog() can write past the end of a
      stack buffer.  Both the Kerberos administration daemon (kadmind) and
      the KDC are vulnerable.  Exploitation of this vulnerability is probably simple.
    - The GSS-API library provided with MIT krb5 contains a vulnerability that may
      allow a remote, authenticated attacker to execute arbitrary code or
      cause a denial of service.

 Impact:
    A user can gain unauthorized access to any account (including root) on
    a host running telnetd.
    Remote attackers can cause a host running kadmind to execute arbitrary
    code.
    Remote attackers can cause a denial of service.

 Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server


 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   krb5-1.3.4-22.src.rpm
      6406714 7a51aab6718d9eb9718d46c0865ffb81

   Binary Packages
   Size: MD5

   krb5-devel-1.3.4-22.i586.rpm
       656084 39ebbb6b8f8adf5ea193cd4e84c4199a
   krb5-libs-1.3.4-22.i586.rpm
       432325 2d5e416b572c7224e465ccf3b07068da
   krb5-server-1.3.4-22.i586.rpm
       780087 4f612f9ed0c94f78f8eb28eefe8ddfc7
   krb5-workstation-1.3.4-22.i586.rpm
       839835 acd739329feaa8c796db7975d061d4cf

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/krb5-1.3.4-22.src.rpm
      6406714 41520cd74be127a803bb39e0f541e0c7

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-devel-1.3.4-22.x86_64.rpm
       691290 062cadc469c31dad4580ba0179d4f7c6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-libs-1.3.4-22.x86_64.rpm
       471467 d4ce9dd9bb3c0676fca3cf65e10cb110
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-server-1.3.4-22.x86_64.rpm
       793772 3bca38bc936852c6b8c6f3211d060339
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm
       887474 60f9a419f96a214dfa3748e59ca07643

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/krb5-1.3.4-22.src.rpm
      6406714 7a51aab6718d9eb9718d46c0865ffb81

   Binary Packages
   Size: MD5

   krb5-debug-1.3.4-22.i586.rpm
      4016946 be39ec8b27ee41cc29e3b49ee068bf01
   krb5-devel-1.3.4-22.i586.rpm
       656084 39ebbb6b8f8adf5ea193cd4e84c4199a
   krb5-libs-1.3.4-22.i586.rpm
       432325 2d5e416b572c7224e465ccf3b07068da
   krb5-server-1.3.4-22.i586.rpm
       780087 4f612f9ed0c94f78f8eb28eefe8ddfc7
   krb5-workstation-1.3.4-22.i586.rpm
       839835 acd739329feaa8c796db7975d061d4cf

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/krb5-1.2.5-21.src.rpm
      5527152 94bcf0981c147ab25e5bdaee7c7abb27

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-devel-1.2.5-21.i586.rpm
       577915 d37dab87bf63ebd12cd4aceeb8dc148f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-libs-1.2.5-21.i586.rpm
       343976 328168df67ebcdd0658d90aa44f690d4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-server-1.2.5-21.i586.rpm
       603084 6537d26bff149078ba02c23503f72445
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-workstation-1.2.5-21.i586.rpm
       592414 9e45d5da1badf0b93115866374a65cec

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/krb5-1.2.5-21.src.rpm
      5527152 d5bede9763d8f83f921342159c68ecb2

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-devel-1.2.5-21.i586.rpm
       576772 d959398c05121e6a260318fa36834634
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-libs-1.2.5-21.i586.rpm
       640636 b6e46c6b54d8fcfdcd56e78db1bc1266
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-server-1.2.5-21.i586.rpm
       603940 ff54edc68cd02f3facc17b544d7fb8af
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-workstation-1.2.5-21.i586.rpm
       603494 39e27c8b7b6a68a466f003011d19c01c


 References:

 MIT krb5 Security Advisory
   [MIT krb5 Security Advisory 2007-001]
   http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
   [MIT krb5 Security Advisory 2007-002]
   http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
   [MIT krb5 Security Advisory 2007-003]
   http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-003.txt

 CVE
   [CVE-2007-0956]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956
   [CVE-2007-0957]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957
   [CVE-2007-1216]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216

 --------------------------------------------------------------------------
 Revision History
    04 Apr 2007 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGE7CWK0LzjOqIJMwRAmUQAJ9E+NtNkRfru7zICkukt5LFuYqgxACfeWtF
jAlWar8JeBWyER5gOSQwvlA=
=3QVb
-----END PGP SIGNATURE-----
