Bulletin d'alerte Debian
DSA-731-1 krb4 -- Dépassements de tampon
- Date du rapport :
- 2 juin 2005
- Paquets concernés :
- krb4
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le dictionnaire CVE du Mitre : CVE-2005-0468, CVE-2005-0469.
Les annonces de vulnérabilité et les bulletins d'alerte du CERT : VU#341908, VU#291924. - Plus de précisions :
-
Plusieurs problèmes ont été découverts dans les clients telnet qui pourraient être exploités par des démons malveillants auxquels les clients se connecteraient. Le projet « Common Vulnerabilities and Exposures » a identifié les vulnérabilités suivantes :
- CAN-2005-0468
Gaël Delalleau a découvert un dépassement de tampon dans la fonction env_opt_add() permettant à un attaquant distant d'exécuter du code arbitraire.
- CAN-2005-0469
Gaël Delalleau a découvert un dépassement de tampon dans la gestion des sous-options LINEMODE des clients telnet. Du code arbitraire pouvait être exécuté sur le client lors de la connexion à un serveur malintentionné.
Pour l'actuelle distribution stable (Woody), ces problèmes ont été corrigés dans la version 1.1-8-2.4.
Pour l'actuelle distribution de test (Sarge), ces problèmes ont été corrigés dans la version 1.2.2-11.2.
Pour la distribution instable (Sid), ces problèmes ont été corrigés dans la version 1.2.2-11.2.
Nous vous recommandons de mettre à jour vos paquets krb4.
- CAN-2005-0468
- Corrigé dans :
-
Debian GNU/Linux 3.0 (woody)
- Source :
- http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.4.dsc
- http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.4.tar.gz
- http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.4.tar.gz
- Composant indépendant de l'architecture :
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-docs_1.1-8-2.4_all.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.1-8-2.4_all.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.1-8-2.4_all.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.1-8-2.4_all.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.1-8-2.4_all.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.1-8-2.4_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_arm.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_i386.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_mips.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_s390.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.