
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2008-20
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 16 Jun 2008
 Last revised: 16 Jun 2008

 Package: krb5

 Summary: Four vulnerabilities discovered in krb5

 More information:
    Kerberos V5 is a trusted-third-party network authentication system,
    which can improve your network's security by eliminating the insecure
    practice of cleartext passwords.

    KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for
    some krb4 message types, which allows remote attackers to cause
    a denial of service (crash) and possibly execute arbitrary code
    via crafted messages that trigger a NULL pointer dereference
    or double-free. (CVE-2008-0062)

    The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not
    properly clear the unused portion of a buffer when generating an
    error message, which might allow remote attackers to obtain sensitive
    information, aka "Uninitialized stack values." (CVE-2008-0063)

    Buffer overflow in the RPC library used by libgssrpc and kadmind
    in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers
    to execute arbitrary code by triggering a large number of open
    file descriptors. (CVE-2008-0947)

    Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used
    by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and
    probably other versions before 1.3, when running on systems
    whose unistd.h does not define the FD_SETSIZE macro, allows
    remote attackers to cause a denial of service (crash) and
    possibly execute arbitrary code by triggering a large number
    of open file descriptors. (CVE-2008-0948)

 Affected Products:
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server


 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/krb5-1.6.2-6.src.rpm
     15694136 2164e033af5b9fab1ac8f1e989e5d037

   Binary Packages
   Size: MD5

   krb5-devel-1.6.2-6.x86_64.rpm
      1183326 17beca80a2c47463f4b59dc374c123e5
   krb5-libs-1.6.2-6.x86_64.rpm
       647569 9c8558ed8499d7a5c168efeb3884dfa0
   krb5-server-1.6.2-6.x86_64.rpm
       792897 d7aac1eeb348f8304626ce3f6132664c
   krb5-server-ldap-1.6.2-6.x86_64.rpm
       100720 40b7533e3fbec8efec16fd4262a10307
   krb5-workstation-1.6.2-6.x86_64.rpm
       419278 f3bc804ad0ac2ec8be10ccddd5f646b8
   krb5-workstation-clients-1.6.2-6.x86_64.rpm
       281549 81b9bad638696d92376f5f39af5cd781
   krb5-workstation-servers-1.6.2-6.x86_64.rpm
       328828 1f82c7e6e9fdbbbdc8ddf3507c21096c

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/krb5-1.6.2-6.src.rpm
     15694136 2164e033af5b9fab1ac8f1e989e5d037

   Binary Packages
   Size: MD5

   krb5-devel-1.6.2-6.i686.rpm
      1182996 66103c59e6f7e83f7a384c0af6358459
   krb5-libs-1.6.2-6.i686.rpm
       594784 76f27ba0b06e005fd83fa3f2347ac4ac
   krb5-server-1.6.2-6.i686.rpm
       773580 2618fd0313bbe240f090e51628481107
   krb5-server-ldap-1.6.2-6.i686.rpm
        94822 93fd3dc621f3e19586612a1fd0debd5a
   krb5-workstation-1.6.2-6.i686.rpm
       406608 aeffd7e6b5ea9909e3751a84069b32e2
   krb5-workstation-clients-1.6.2-6.i686.rpm
       254299 e72727b32944dedde9718294e3165e4e
   krb5-workstation-servers-1.6.2-6.i686.rpm
       302565 6ca1203d342802402fe710c04fcf2169


 References:

 CVE
   [CVE-2008-0062]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
   [CVE-2008-0063]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
   [CVE-2008-0947]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947
   [CVE-2008-0948]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948

 --------------------------------------------------------------------------
 Revision History
    16 Jun 2008 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2008 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhV5pYACgkQK0LzjOqIJMz8eACfTgQRDNKrgSqm8/0gT/81nw6M
EUIAnRxlwveMyml+BKPNRHsShIj4yMId
=X5AH
-----END PGP SIGNATURE-----
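CVE-2008-0947 and CVE-2008-0948 above both describe storage sized around FD_SETSIZE being overrun once a process holds a large number of open file descriptors. The following is an added example of the general guard for that class of bug, not code from the advisory or from MIT krb5: clamp the descriptor table size and reject any descriptor that does not fit in an fd_set. All function and type names are hypothetical.

```c
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* All names below are hypothetical; none come from krb5 or the advisory. */
struct fd_table {
    fd_set set;    /* fixed-size bitmap: valid indexes are 0..FD_SETSIZE-1 */
    int    max_fd; /* highest registered descriptor, -1 when empty */
};

static struct fd_table table;

static void table_reset(void)
{
    FD_ZERO(&table.set);
    table.max_fd = -1;
}

/* The OS descriptor limit can be far larger than FD_SETSIZE, or unknown
 * (negative). Never report more slots than an fd_set can hold. */
static int bounded_dtablesize(long os_limit)
{
    if (os_limit < 0 || os_limit > FD_SETSIZE)
        return FD_SETSIZE;
    return (int)os_limit;
}

/* Register fd for select(). Returns 0 on success, -1 when the descriptor
 * is out of range and must be refused instead of written past the bitmap. */
static int table_add(int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, &table.set);
    if (fd > table.max_fd)
        table.max_fd = fd;
    return 0;
}

/* Returns 1 if fd is registered, 0 otherwise (including out of range). */
static int table_has(int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return 0;
    return FD_ISSET(fd, &table.set) != 0;
}

int main(void)
{
    table_reset();
    long os_limit = sysconf(_SC_OPEN_MAX);
    printf("OS limit %ld, usable slots %d\n", os_limit, bounded_dtablesize(os_limit));
    printf("add fd 5: %d\n", table_add(5));
    printf("add fd %d: %d\n", FD_SETSIZE, table_add(FD_SETSIZE));
    return 0;
}
```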
