Bulletin d'alerte Debian

DSA-977-1 heimdal -- Plusieurs vulnérabilités

Date du rapport :
16 février 2006
Paquets concernés :
heimdal
Vulnérabilité :
Oui
Références dans la base de données de sécurité :
Dans le dictionnaire CVE du Mitre : CVE-2006-0582, CVE-2006-0677.
Plus de précisions :

Deux vulnérabilités ont été découvertes dans heimdal, une implémentation libre de Kerberos 5. Le projet « Common Vulnerabilities and Exposures » a identifié les problèmes suivants :

  • CVE-2006-0582

    L'usurpation de droits dans le serveur rsh permettait à un attaquant authentifié d'écraser des fichiers arbitraires et d'en devenir le propriétaire.

  • CVE-2006-0677

    Un attaquant distant pouvait forcer le serveur telnet à planter avant que l'utilisateur soit connecté, ce qui provoquait l'extinction de telnetd par inetd en cas de duplication de processus (« fork ») trop rapide.

L'ancienne distribution stable (Woody) n'expose pas les serveurs rsh et telnet à ces problèmes.

Pour l'actuelle distribution stable (Sarge), ces problèmes ont été corrigés dans la version 0.6.3-10sarge2.

Pour la distribution instable (Sid), ces problèmes seront bientôt corrigés.

Nous vous recommandons de mettre à jour vos paquets heimdal.

Corrigé dans :

Debian GNU/Linux 3.1 (sarge)

Source :
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3-10sarge2.dsc
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3-10sarge2.diff.gz
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3.orig.tar.gz
Composant indépendant de l'architecture :
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.6.3-10sarge2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_alpha.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_amd64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_arm.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_ia64.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_hppa.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_m68k.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_mips.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_s390.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_sparc.deb
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.