From: "Robert Buchholz (rbu)"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, rbu@gentoo.org
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200803-31.xml
Date: Mon, 24 Mar 2008 19:41:21 +0000
X-VCS-Repository: gentoo
X-VCS-Files: glsa-200803-31.xml
X-VCS-Directories: xml/htdocs/security/en/glsa
X-VCS-Committer: rbu
X-VCS-Committer-Name: Robert Buchholz

rbu 08/03/24 19:41:21

  Added: glsa-200803-31.xml
  Log:
  GLSA 200803-31

Revision  Changes  Path
1.1       xml/htdocs/security/en/glsa/glsa-200803-31.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200803-31.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200803-31.xml?rev=1.1&content-type=text/plain

Index: glsa-200803-31.xml
===================================================================

MIT Kerberos 5: Multiple vulnerabilities

Multiple vulnerabilities have been found in MIT Kerberos 5, which could allow a remote unauthenticated user to execute arbitrary code with root privileges.

Package: mit-krb5
Announced: March 24, 2008
Revised: March 24, 2008: 01
Bugs: 199205, 212363
Access: remote
Unaffected: >= 1.6.3-r1
Vulnerable: < 1.6.3-r1

MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center.

  • Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063).
  • Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947).
  • Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971).

The first two vulnerabilities can be exploited by a remote unauthenticated attacker to execute arbitrary code on the host running krb5kdc, compromise the Kerberos key database or cause a Denial of Service. These bugs can only be triggered when Kerberos 4 support is enabled.

The RPC related vulnerability can be exploited by a remote unauthenticated attacker to crash kadmind, and theoretically execute arbitrary code with root privileges or cause database corruption. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process.

The GSSAPI vulnerabilities could be exploited by a remote attacker to cause Denial of Service conditions or possibly execute arbitrary code.

Kerberos 4 support can be disabled by disabling the "krb4" USE flag and recompiling the ebuild, or by setting "v4_mode=none" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This only works around the KDC related vulnerabilities; kadmind and the GSSAPI library remain affected until the package is upgraded.

All MIT Kerberos 5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1"
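The following audit script is an added example; it is not part of GLSA 200803-31 or of the mit-krb5 package. It checks the two things the advisory's workaround and resolution sections turn on for a Gentoo KDC host: whether the installed mit-krb5 version is already at or above 1.6.3-r1, and whether Kerberos 4 support is still live (krb4 in the package's USE flags and v4_mode in the [kdcdefaults] section of kdc.conf set to anything but "none"). The kdc.conf it parses is constructed inline for the demonstration; the version comparison only handles the X.Y.Z[-rN] shape used by the versions on this page, and an unset v4_mode is treated as "not disabled" so the check reports exposure rather than silently assuming a default.

```shell
#!/bin/sh
# Added example (not from GLSA 200803-31 or from mit-krb5): audit helpers for
# the conditions named in the advisory on a Gentoo host.
#   1. is the installed mit-krb5 below 1.6.3-r1?
#   2. is Kerberos 4 support live on the KDC (USE=krb4 and v4_mode != none)?
# The kdc.conf written by sample_kdc_conf is constructed for this demo.

# Return 0 if dotted-integer tuple $1 >= tuple $2, e.g. "1.6.3.1" "1.6.3.0".
tuple_ge() {
    left=$1; right=$2
    while [ -n "$left" ] || [ -n "$right" ]; do
        l=${left%%.*}; r=${right%%.*}
        if [ "$left" = "$l" ]; then left=''; else left=${left#*.}; fi
        if [ "$right" = "$r" ]; then right=''; else right=${right#*.}; fi
        l=${l:-0}; r=${r:-0}
        if [ "$l" -gt "$r" ]; then return 0; fi
        if [ "$l" -lt "$r" ]; then return 1; fi
    done
    return 0
}

# Map a Gentoo version of the shape X.Y.Z[-rN] (the only shape this GLSA uses;
# _p/_rc suffixes are not handled) to a tuple whose last element is the ebuild
# revision: 1.6.3-r1 -> 1.6.3.1, 1.6.3 -> 1.6.3.0.
krb5_tuple() {
    case $1 in
        *-r*) printf '%s.%s\n' "${1%%-r*}" "${1##*-r}" ;;
        *)    printf '%s.0\n' "$1" ;;
    esac
}

# Return 0 if the given mit-krb5 version is at or above 1.6.3-r1, the first
# unaffected version named by the advisory.
krb5_version_ok() {
    tuple_ge "$(krb5_tuple "$1")" "$(krb5_tuple 1.6.3-r1)"
}

# Print the v4_mode value set in the [kdcdefaults] section of the kdc.conf at
# $1, or "unset" when that section does not set it. Settings of the same name
# inside other sections (e.g. a realm block) are ignored on purpose.
kdc_v4_mode() {
    awk -F'=' '
        /^[[:space:]]*\[/ { section = $0; gsub(/[^a-zA-Z_]/, "", section); next }
        section == "kdcdefaults" && NF >= 2 {
            key = $1; gsub(/[[:space:]]/, "", key)
            if (key == "v4_mode") { val = $2; gsub(/[[:space:]]/, "", val); print val; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 if the KDC-side bugs (CVE-2008-0062, CVE-2008-0063) are reachable
# under the advisory's conditions: "krb4" is among the space-separated USE
# flags in $2 and v4_mode ($1) is anything other than "none". An unset
# v4_mode counts as exposed so the check errs towards reporting.
krb4_exposed() {
    mode=$1
    case " $2 " in
        *" krb4 "*) [ "$mode" != none ] ;;
        *) return 1 ;;
    esac
}

# Write a constructed kdc.conf (not taken from any real host) and print its path.
sample_kdc_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[kdcdefaults]
    kdc_ports = 88,750
    v4_mode = full

[realms]
    EXAMPLE.COM = {
        database_name = /var/lib/krb5kdc/principal
    }
EOF
    printf '%s\n' "$f"
}

# Demonstration on the constructed sample.
conf=$(sample_kdc_conf)
mode=$(kdc_v4_mode "$conf")
echo "v4_mode in sample kdc.conf: $mode"
if krb4_exposed "$mode" "krb4 ssl"; then
    echo "KDC bugs reachable: set v4_mode = none or rebuild without USE=krb4"
fi
for v in 1.6.3 1.6.3-r1 1.7; do
    if krb5_version_ok "$v"; then echo "mit-krb5-$v: fixed"; else echo "mit-krb5-$v: vulnerable"; fi
done
rm -f "$conf"
```

On a real host, feed kdc_v4_mode the path /etc/krb5/kdc.conf and krb4_exposed the USE line recorded for the installed package under /var/db/pkg/app-crypt/; the version check is a helper for scripting, not a replacement for the emerge upgrade above, since the workaround covers only the KDC bugs.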
References: CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947
GLSA metadata: p-y, rbu