Debian セキュリティ勧告

DSA-543-1 krb5 -- 複数の欠陥

報告日時:
2004-08-31
影響を受けるパッケージ:
krb5
危険性:
あり
参考セキュリティデータベース:
Mitre の CVE 辞書: CVE-2004-0642, CVE-2004-0643, CVE-2004-0644, CVE-2004-0772.
CERT の脆弱性リスト、勧告および付加情報: VU#795632, VU#866472, VU#550464, VU#350792.
詳細:

MIT Kerberos 開発チームにより、MIT Kerberos バージョン 5 ソフトウェアに複数の欠陥が発見されました。Common Vulnerabilities and Exposures プロジェクトでは以下の問題を認識しています。

  • CAN-2004-0642 [VU#795632]

    メモリの二重解放のバグにより、認証を受けていないリモートの攻撃者が KDC およびクライアント上で任意のコードを実行する恐れがあります。

  • CAN-2004-0643 [VU#866472]

    複数のメモリの二重解放のバグにより、認証済みの攻撃者が Kerberos アプリケーションサーバ上で任意のコードを実行する恐れがあります。

  • CAN-2004-0644 [VU#550464]

    KDC とライブラリに、 リモートから攻撃可能なサービス不能 (DoS) 攻撃の脆弱性が発見されました。

  • CAN-2004-0772 [VU#350792]

    複数のメモリの二重解放のバグにより、 リモートの攻撃者がサーバ上で任意のコードを実行する恐れがあります。 この問題は、woody に収録されたバージョンには影響しません。

安定版 (stable) ディストリビューション (woody) では、これらの問題はバージョン 1.2.4-5woody6 で修正されています。

不安定版 (unstable) ディストリビューション (sid) では、これらの問題はバージョン 1.3.4-3 で修正されています。

直ちに krb5 パッケージをアップグレードすることをお勧めします。

修正:

Debian GNU/Linux 3.0 (woody)

ソース:
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody6.dsc
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody6.diff.gz
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
アーキテクチャ非依存コンポーネント:
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody6_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_alpha.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_arm.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_i386.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_ia64.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_hppa.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_m68k.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_mips.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_mipsel.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_powerpc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_s390.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_sparc.deb
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_sparc.deb

一覧にあるファイルの MD5 チェックサムは勧告の原文にあります。