Red Hat Security Advisory: Updated Kerberos 5 packages are now available
Jun 16, 2000, 06:01
Date: Thu, 15 Jun 2000 19:00 -0400
Red Hat, Inc. Security Advisory

Synopsis: Updated Kerberos 5 packages are now available for Red Hat Linux.
Advisory ID: RHSA-2000:025-12
Issue date: 2000-05-16
Updated on: 2000-06-15
Product: Red Hat Linux
Keywords: N/A
Cross references: N/A
1. Topic:
Security vulnerabilities have been found in the Kerberos 5 implementation shipped with Red Hat Linux 6.2.
2. Relevant releases/architectures:
Red Hat Linux 6.2 - i386 alpha sparc
3. Problem description:
A number of possible buffer overruns were found in libraries included in the affected packages. A denial-of-service vulnerability was also found in the ksu program.
* A remote user may gain unauthorized root access to a machine running services authenticated with Kerberos 4.
* A remote user may gain unauthorized root access to a machine running krshd, regardless of whether the program is configured to accept Kerberos 4 authentication.
* A local user may gain unauthorized root access by exploiting v4rcp or ksu.
* A remote user can cause a KDC to become unresponsive or crash by sending it an improperly formatted request.
* A remote user may execute certain FTP commands without authorization on systems using the FTP server included in the krb5-workstation package.
* An attacker with access to a local account may gain unauthorized root access on systems using the FTP server included in the krb5-workstation package.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
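As an added example (not part of the advisory), the audit helper below decides whether a host still carries krb5 packages older than the fixed 1.1.1-21 builds listed under "RPMs required". It reimplements rpm's segment-wise version comparison in Python and runs it over a constructed sample of `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output, since the real query can only be run on the host itself.

```python
import re

# Fixed packages from the advisory's "RPMs required" list (krb5-1.1.1-21).
FIXED_VERSION, FIXED_RELEASE = "1.1.1", "21"
ADVISORY_PACKAGES = {"krb5-configs", "krb5-devel", "krb5-libs",
                     "krb5-server", "krb5-workstation"}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`
# output from a hypothetical Red Hat Linux 6.2 host (not a real inventory).
SAMPLE_RPM_QA = """\
krb5-libs 1.1.1 9
krb5-workstation 1.1.1 9
krb5-server 1.1.1 21
krb5-devel 1.1.1 22
openssh 1.2.3 1
"""


def rpmvercmp(a, b):
    """Classic rpm version comparison: split into numeric and alphabetic
    runs, compare run by run (numbers as integers, a numeric run outranks
    an alphabetic one), and let the string with more runs win a tie.
    Returns -1, 0 or 1. No '~'/'^' handling, which rpm 3.x did not have."""
    if a == b:
        return 0
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(ver_a, rel_a, ver_b, rel_b):
    """Compare version first, then release (no epoch), as rpm -F does."""
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)


def unpatched(rpm_qa_output):
    """Names of advisory packages whose installed version is older than 1.1.1-21."""
    stale = []
    for line in rpm_qa_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in ADVISORY_PACKAGES:
            continue
        name, ver, rel = parts
        if compare_vr(ver, rel, FIXED_VERSION, FIXED_RELEASE) < 0:
            stale.append(name)
    return sorted(stale)


if __name__ == "__main__":
    for name in unpatched(SAMPLE_RPM_QA):
        print(f"{name}: older than krb5-1.1.1-21, apply the advisory packages")
```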
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
10653 - 'stat' unresolved on "libkrb5.so.2.2" load
6. RPMs required:
Red Hat Linux 6.2:
MD5 sum Package Name
220dd8648e6560215475f29f12cf7fbf 6.2/SRPMS/krb5-1.1.1-21.src.rpm
506aa4887dbb63ee0fdf1b0617db5d92 6.2/alpha/krb5-configs-1.1.1-21.alpha.rpm
19d3648a64b259a3a83ef70ecf3c1d3e 6.2/alpha/krb5-devel-1.1.1-21.alpha.rpm
ea30e1a247aa7d4c516ead13c825c8cb 6.2/alpha/krb5-libs-1.1.1-21.alpha.rpm
55805f5199f7c2c24c03f4609a2cbd81 6.2/alpha/krb5-server-1.1.1-21.alpha.rpm
a98473df43eedf564efe9a05b30c2baf 6.2/alpha/krb5-workstation-1.1.1-21.alpha.rpm
43d0af74bb628d446dc8781e9d0ae08b 6.2/i386/krb5-configs-1.1.1-21.i386.rpm
d13ac3cc0e680b0e452aeb34749ea7b4 6.2/i386/krb5-devel-1.1.1-21.i386.rpm
76882356337e55cd3bd5e0d5cfa454de 6.2/i386/krb5-libs-1.1.1-21.i386.rpm
93efde6cc79b16245f5e27e793a8a4ad 6.2/i386/krb5-server-1.1.1-21.i386.rpm
aa00aa8b26a50b75317f51e447a17420 6.2/i386/krb5-workstation-1.1.1-21.i386.rpm
ff7f959f22e80e9aeabb3a1c6602e225 6.2/sparc/krb5-configs-1.1.1-21.sparc.rpm
1cce9df9c5591fe43c1340334d01d6be 6.2/sparc/krb5-devel-1.1.1-21.sparc.rpm
cc67fdfad917452f383e45a9945e5ae0 6.2/sparc/krb5-libs-1.1.1-21.sparc.rpm
0215d914b0d9e2f78830ef7df9b14fea 6.2/sparc/krb5-server-1.1.1-21.sparc.rpm
3f564e722e61c1e4e8bd1a3faa108b3d 6.2/sparc/krb5-workstation-1.1.1-21.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command:
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the
Thanks to Chris Evans, Mike Friedman, Jim Paris, Matt Power, Andrew Newman, Christopher R. Thompson, and Marcus Watts for reporting these problems to us and the Kerberos 5 team.