Debian-Sicherheitsankündigung

DSA-143-1 krb5 -- Integer-Überlauf

Datum des Berichts:
05. Aug 2002
Betroffene Pakete:
krb5
Verwundbar:
Ja
Sicherheitsdatenbanken-Referenzen:
In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 5356.
In Mitres CVE-Verzeichnis: CVE-2002-0391.
CERTs Verwundbarkeiten, Hinweise und Ereignis-Notizen: VU#192995.
Weitere Informationen:

Ein Integer-Überlauf wurde in der vom Kerberos 5 Administrationssystem verwendeten RPC-Bibliothek gefunden, die von der SunRPC-Bibliothek abgeleitet ist. Dieser Fehler könnte dazu ausgenutzt werden, unberechtigten root-Zugriff auf einen KDC-Rechner zu erlangen. Es wird vermutet, dass der Angreifer sich beim kadmin Daemon authentifizieren muss, um diesen Angriff erfolgreich durchzuführen. Im Augenblick sind noch keine Ausbeutungen bekannt.

Dieses Problem wurde in Version 1.2.4-5woody1 für die aktuelle stable Distribution (Woody) und in Version 1.2.5-2 für die unstable Distribution (Sid) behoben. Debian 2.2 (Potato) ist nicht davon betroffen, da es keine krb5-Pakete enthält.

Wir empfehlen Ihnen, Ihre kerberos-Pakete unverzüglich zu aktualisieren.

Behoben in:

Debian GNU/Linux 3.0 (woody)

Quellcode:
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody1.dsc
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody1.diff.gz
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
Architektur-unabhängige Dateien:
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_ia64.deb
HP Precision:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.