Aviso de seguridad de Debian

DSA-143-1 krb5 -- desbordamiento de entero

Fecha del informe:
5 de ago de 2002
Paquetes afectados:
krb5
Vulnerable:
Referencias a bases de datos de seguridad:
En la base de datos de Bugtraq (en SecurityFocus): Id. en BugTraq 5356.
En el diccionario CVE de Mitre: CVE-2002-0391.
Notas y avisos de incidentes y vulnerabilidades en CERT: VU#192995.
Información adicional:

Se ha descubierto un desbordamiento de entero en la biblioteca RPC usada por el sistema de administración Kerberos 5, que se deriva de la biblioteca SunRPC. Este error se podía explotar para ganar acceso no autorizado a root en un host KDC. Se cree que el atacante necesita ser capaz de autenticarse en el demonio kadmin para que el ataque tenga éxito. De momento, no se conocen explotaciones.

Este problema ha sido corregido en la versión 1.2.4-5woody1 para la distribución actual estable (woody) y en la versión 1.2.5-2 para la distribución inestable (sid). Debian 2.2 (potato) no se ve afectado porque no contiene los paquetes krb5.

Le recomendamos que actualice los paquetes kerberos inmediatamente.

Arreglado en:

Debian GNU/Linux 3.0 (woody)

Fuentes:
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody1.dsc
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody1.diff.gz
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
Componentes independientes de la arquitectura:
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody1_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_ia64.deb
HP Precision:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_sparc.deb

Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.