English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-42
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 07 Aug 2007
 Last revised: 07 Aug 2007

 Package: krb5

 Summary: Three vulnerabilities discovered in krb5

 More information:
    Kerberos V5 is a trusted-third-party network authentication system,
    which can improve your network's security by eliminating the insecure
    practice of cleartext passwords.

    - MIT Kerberos 5 might allow remote attackers to execute arbitrary code
      via a zero-length RPC credential.
    - MIT Kerberos 5 might allow remote attackers to execute arbitrary code
      via a negative length value.
    - MIT Kerberos allows remote authenticated users to execute arbitrary code.

 Impact:
    An unauthenticated remote user may be able to cause a host running
    kadmind to execute arbitrary code.

 Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server


 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   krb5-1.3.4-23.src.rpm
      6408804 43fc0d00222d58d2bd0a62dc47da5a1e

   Binary Packages
   Size: MD5

   krb5-devel-1.3.4-23.i586.rpm
       656575 7161337a83a4654c5ff71693e8125acd
   krb5-libs-1.3.4-23.i586.rpm
       432543 9ba2b98088b063e61e778215542d888a
   krb5-server-1.3.4-23.i586.rpm
       779682 3b11b75d9354376c1114a60a96b440de
   krb5-workstation-1.3.4-23.i586.rpm
       840061 6ccd1e1f985a9361d6b6e817925fce9b

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/krb5-1.3.4-23.src.rpm
      6408804 b4f209d2d9021ae739177e9fe5359966

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-devel-1.3.4-23.x86_64.rpm
       691617 d18ae80ee5463644e8941afa0769ec23
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-libs-1.3.4-23.x86_64.rpm
       471895 f2e3878c4a396b058108f8e53c2699be
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-server-1.3.4-23.x86_64.rpm
       794425 ee3335a60b793a922f65852d4f25dca6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-workstation-1.3.4-23.x86_64.rpm
       887749 9c111470cd3e9d778f2b1dfdc25b5441

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/krb5-1.3.4-23.src.rpm
      6408804 43fc0d00222d58d2bd0a62dc47da5a1e

   Binary Packages
   Size: MD5

   krb5-debug-1.3.4-23.i586.rpm
      4017314 15168ddd9ec3dfdd37de466493d659ab
   krb5-devel-1.3.4-23.i586.rpm
       656575 7161337a83a4654c5ff71693e8125acd
   krb5-libs-1.3.4-23.i586.rpm
       432543 9ba2b98088b063e61e778215542d888a
   krb5-server-1.3.4-23.i586.rpm
       779682 3b11b75d9354376c1114a60a96b440de
   krb5-workstation-1.3.4-23.i586.rpm
       840061 6ccd1e1f985a9361d6b6e817925fce9b

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/krb5-1.2.5-22.src.rpm
      5529257 3c1a173ecb71b9635e63a75325451f9d

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-devel-1.2.5-22.i586.rpm
       578748 6b3359f12309e3908aa2496a9b33b7e3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-libs-1.2.5-22.i586.rpm
       344274 37a8539044cb7775f92b61d861b15bd6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-server-1.2.5-22.i586.rpm
       603213 0cc1e369e9e88906dd7b98a038b66ec8
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-workstation-1.2.5-22.i586.rpm
       592535 619c219b8f00f4da59177050e20a0777

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/krb5-1.2.5-22.src.rpm
      5529257 7e801575fddb958863757244430b7e6a

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-devel-1.2.5-22.i586.rpm
       577526 4abf9b4f23af6ca66a5f01c669c9830b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-libs-1.2.5-22.i586.rpm
       640406 60c2ee2c96d84bbf0320b25cd9cb2285
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-server-1.2.5-22.i586.rpm
       604127 981c85d5c00c7ca9d9792cb70c78f0e1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-workstation-1.2.5-22.i586.rpm
       603224 f5543545d84352956009debc51a8f630


 References:

 MIT krb5 Security Advisory
   [MIT krb5 Security Advisory 2007-004]
   http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt
   [MIT krb5 Security Advisory 2007-005]
   http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-005.txt

 CVE
   [CVE-2007-2442]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442
   [CVE-2007-2443]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443
   [CVE-2007-2798]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798

 --------------------------------------------------------------------------
 Revision History
    07 Aug 2007 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGuBO1K0LzjOqIJMwRAkkDAJ92468/vZ7gfY6QD+IqNr2Mhc3mOgCdEWQd
40GpsExSbvv6twWOb7KEE1M=
=3eeV
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.