=====================================================================
                                  CERT-Renater

                       Information Note No. 2004/VULN569
_____________________________________________________________________

DATE                      : 23/12/2004

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running krb5.

======================================================================
  _______________________________________________________________________

                  Mandrakelinux Security Update Advisory
  _______________________________________________________________________

  Package name:           krb5
  Advisory ID:            MDKSA-2004:156
  Date:                   December 22nd, 2004

  Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1
  ______________________________________________________________________

  Problem Description:

  Michael Tautschnig discovered a heap buffer overflow in the history
  handling code of libkadm5srv which could be exploited by an
  authenticated user to execute arbitrary code on a Key Distribution
  Center (KDC) server.

  The updated packages have been patched to prevent this problem.
  _______________________________________________________________________

  References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189
   http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt
  ______________________________________________________________________

  Updated Packages:

  Mandrakelinux 10.0:
  5259ecd533fc0565920fbe8aec40cd3d  10.0/RPMS/ftp-client-krb5-1.3-6.4.100mdk.i586.rpm
  51bec69363fe219e4eec6b73bc1b802d  10.0/RPMS/ftp-server-krb5-1.3-6.4.100mdk.i586.rpm
  b8d00e7aecf213f9ae4ef5a67451adc2  10.0/RPMS/krb5-server-1.3-6.4.100mdk.i586.rpm
  d4043c430c172f66c9593d14e4399730  10.0/RPMS/krb5-workstation-1.3-6.4.100mdk.i586.rpm
  746d023be57fe5ddb0dbacac26fc8ebd  10.0/RPMS/libkrb51-1.3-6.4.100mdk.i586.rpm
  6a4e0e161543ecb0e0b5c5bfe011dfcf  10.0/RPMS/libkrb51-devel-1.3-6.4.100mdk.i586.rpm
  3eaa8cff9b16a32db93ec1e895a01998  10.0/RPMS/telnet-client-krb5-1.3-6.4.100mdk.i586.rpm
  ffbe1fbcea8c618ba2bffaaae0bcedf0  10.0/RPMS/telnet-server-krb5-1.3-6.4.100mdk.i586.rpm
  16d8b9d874e834149065db8bca4161dc  10.0/SRPMS/krb5-1.3-6.4.100mdk.src.rpm

  Mandrakelinux 10.0/AMD64:
  f3e89b08aff5e719ee32b17b450df7e6  amd64/10.0/RPMS/ftp-client-krb5-1.3-6.4.100mdk.amd64.rpm
  8fa797c90b0336f8b8650d0fed32c166  amd64/10.0/RPMS/ftp-server-krb5-1.3-6.4.100mdk.amd64.rpm
  9cebf80fcfaefb123c98a31b6bd279ca  amd64/10.0/RPMS/krb5-server-1.3-6.4.100mdk.amd64.rpm
  a52c18d67660dc19e370b9690315339b  amd64/10.0/RPMS/krb5-workstation-1.3-6.4.100mdk.amd64.rpm
  e605f5765eddd4eaa1e6974f07723c73  amd64/10.0/RPMS/lib64krb51-1.3-6.4.100mdk.amd64.rpm
  2559fd1f6695b03224862f472cfc4c7d  amd64/10.0/RPMS/lib64krb51-devel-1.3-6.4.100mdk.amd64.rpm
  3f8d481a719a231dee5298c9081c37e8  amd64/10.0/RPMS/telnet-client-krb5-1.3-6.4.100mdk.amd64.rpm
  6d767b9d0acb2d9028b56bfce19b4468  amd64/10.0/RPMS/telnet-server-krb5-1.3-6.4.100mdk.amd64.rpm
  16d8b9d874e834149065db8bca4161dc  amd64/10.0/SRPMS/krb5-1.3-6.4.100mdk.src.rpm

  Mandrakelinux 10.1:
  10e1a075457e7c4afa70825c83e86d76  10.1/RPMS/ftp-client-krb5-1.3.4-2.1.101mdk.i586.rpm
  8798a2f601f24b2751a4d465d4f98ca2  10.1/RPMS/ftp-server-krb5-1.3.4-2.1.101mdk.i586.rpm
  78475d53992fbf48c761fc29f96b8535  10.1/RPMS/krb5-server-1.3.4-2.1.101mdk.i586.rpm
  ecd91754869b7200ee8b0dc09577750a  10.1/RPMS/krb5-workstation-1.3.4-2.1.101mdk.i586.rpm
  5d792e412854a5e4dabf6be549489896  10.1/RPMS/libkrb53-1.3.4-2.1.101mdk.i586.rpm
  bb7086eb3c1f2e87b70b270a83e42e54  10.1/RPMS/libkrb53-devel-1.3.4-2.1.101mdk.i586.rpm
  333e3c7c4d764ebb32ee8ff34a1b7fa1  10.1/RPMS/telnet-client-krb5-1.3.4-2.1.101mdk.i586.rpm
  42e03d7080fdbd9839de8b65c85b1b68  10.1/RPMS/telnet-server-krb5-1.3.4-2.1.101mdk.i586.rpm
  0ea19d548852538b26066f75b7ef280d  10.1/SRPMS/krb5-1.3.4-2.1.101mdk.src.rpm

  Mandrakelinux 10.1/X86_64:
  aaf71808c6ad43416f008af590620930  x86_64/10.1/RPMS/ftp-client-krb5-1.3.4-2.1.101mdk.x86_64.rpm
  c6726c1b5c1c2278c5634b856da7c3d3  x86_64/10.1/RPMS/ftp-server-krb5-1.3.4-2.1.101mdk.x86_64.rpm
  a16f8dd425a3cbcd3d73a77a39363deb  x86_64/10.1/RPMS/krb5-server-1.3.4-2.1.101mdk.x86_64.rpm
  7926914181c2183b8953f9e923eb9f69  x86_64/10.1/RPMS/krb5-workstation-1.3.4-2.1.101mdk.x86_64.rpm
  439c0603bb36786883009595b4b2c346  x86_64/10.1/RPMS/lib64krb53-1.3.4-2.1.101mdk.x86_64.rpm
  0fb403b8d2d7258f947b8e518218dbcd  x86_64/10.1/RPMS/lib64krb53-devel-1.3.4-2.1.101mdk.x86_64.rpm
  7e0829d328491a5173ac145cb9211ab9  x86_64/10.1/RPMS/telnet-client-krb5-1.3.4-2.1.101mdk.x86_64.rpm
  529984cdea656be82188dc7b8e807789  x86_64/10.1/RPMS/telnet-server-krb5-1.3.4-2.1.101mdk.x86_64.rpm
  0ea19d548852538b26066f75b7ef280d  x86_64/10.1/SRPMS/krb5-1.3.4-2.1.101mdk.src.rpm

  Corporate Server 2.1:
  b6b07e10c2a5c1dfec9894c48eaa59fc  corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.8.C21mdk.i586.rpm
  0840970f8d38eb91807435379918da4e  corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.8.C21mdk.i586.rpm
  f5f79c6cb56232bc2d513902824eaca1  corporate/2.1/RPMS/krb5-devel-1.2.5-1.8.C21mdk.i586.rpm
  0388d0814b2fd7899e804264471ec38d  corporate/2.1/RPMS/krb5-libs-1.2.5-1.8.C21mdk.i586.rpm
  647c93e42a069205ccf6c085c0d5337e  corporate/2.1/RPMS/krb5-server-1.2.5-1.8.C21mdk.i586.rpm
  3756c27aa8fde4e81bb35bc6896f5d2b  corporate/2.1/RPMS/krb5-workstation-1.2.5-1.8.C21mdk.i586.rpm
  37c17167f8ef7b5e4eeceb60a17a3804  corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.8.C21mdk.i586.rpm
  dbac3b9e2bc0d60af9c5d9c2e55e53df  corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.8.C21mdk.i586.rpm
  847feb907c3022f0279f6cec8a1ab28d  corporate/2.1/SRPMS/krb5-1.2.5-1.8.C21mdk.src.rpm

  Corporate Server 2.1/x86_64:
  f1489d64518efaf2eaa73d1d7b69343c  x86_64/corporate/2.1/RPMS/ftp-client-krb5-1.2.5-1.8.C21mdk.x86_64.rpm
  a161fb6d0cb8b045491ec64117b413c6  x86_64/corporate/2.1/RPMS/ftp-server-krb5-1.2.5-1.8.C21mdk.x86_64.rpm
  9ec1d7ac348640bd1d464a58b5390f04  x86_64/corporate/2.1/RPMS/krb5-devel-1.2.5-1.8.C21mdk.x86_64.rpm
  aa42b2e5934d95cde48ffb705e55fb62  x86_64/corporate/2.1/RPMS/krb5-libs-1.2.5-1.8.C21mdk.x86_64.rpm
  8fa79e2d839c4d0f2dba664029b8e64b  x86_64/corporate/2.1/RPMS/krb5-server-1.2.5-1.8.C21mdk.x86_64.rpm
  052a4fde53a2a066a1bbd001b4b20742  x86_64/corporate/2.1/RPMS/krb5-workstation-1.2.5-1.8.C21mdk.x86_64.rpm
  a8b3bbbc1a6f9425a33df27a7e317ab7  x86_64/corporate/2.1/RPMS/telnet-client-krb5-1.2.5-1.8.C21mdk.x86_64.rpm
  407ef805887d30a942b82ce37e2db63d  x86_64/corporate/2.1/RPMS/telnet-server-krb5-1.2.5-1.8.C21mdk.x86_64.rpm
  847feb907c3022f0279f6cec8a1ab28d  x86_64/corporate/2.1/SRPMS/krb5-1.2.5-1.8.C21mdk.src.rpm

  Mandrakelinux 9.2:
  ceb891e96c0c18c775f0775335d7daed  9.2/RPMS/ftp-client-krb5-1.3-3.4.92mdk.i586.rpm
  737826c759a0366b3f1e1a5e08ba68e7  9.2/RPMS/ftp-server-krb5-1.3-3.4.92mdk.i586.rpm
  e88cbf35407e09b34987440d41fc46c0  9.2/RPMS/krb5-server-1.3-3.4.92mdk.i586.rpm
  5572f323cc19bf3df6bbd4619200e6ce  9.2/RPMS/krb5-workstation-1.3-3.4.92mdk.i586.rpm
  f39fd4c4e2722b75af178efb5c53270c  9.2/RPMS/libkrb51-1.3-3.4.92mdk.i586.rpm
  1e2fc6b6750057bc2c86109843472e93  9.2/RPMS/libkrb51-devel-1.3-3.4.92mdk.i586.rpm
  a9f3fe282ce9633ea7633a9ef1ee5e8c  9.2/RPMS/telnet-client-krb5-1.3-3.4.92mdk.i586.rpm
  fd56a352d88b0a4366a694983226dcf0  9.2/RPMS/telnet-server-krb5-1.3-3.4.92mdk.i586.rpm
  003b0c283b689682d975b64cb0abb8ef  9.2/SRPMS/krb5-1.3-3.4.92mdk.src.rpm

  Mandrakelinux 9.2/AMD64:
  ca86cfd5de3e31eca88d33040a4fbbcf  amd64/9.2/RPMS/ftp-client-krb5-1.3-3.4.92mdk.amd64.rpm
  fdc91c66742b8c234f7ec625b446b754  amd64/9.2/RPMS/ftp-server-krb5-1.3-3.4.92mdk.amd64.rpm
  20da9152c854ee5882fe0b1a84c6b938  amd64/9.2/RPMS/krb5-server-1.3-3.4.92mdk.amd64.rpm
  66b41ebc03f3b945fe16eb7683f113a7  amd64/9.2/RPMS/krb5-workstation-1.3-3.4.92mdk.amd64.rpm
  d2c69d6dce82a1118c83aa0558c45656  amd64/9.2/RPMS/lib64krb51-1.3-3.4.92mdk.amd64.rpm
  39d72a1fb616203e710e962c16f4c3f2  amd64/9.2/RPMS/lib64krb51-devel-1.3-3.4.92mdk.amd64.rpm
  a7903a38ba17da110a4493ddf61c5f41  amd64/9.2/RPMS/telnet-client-krb5-1.3-3.4.92mdk.amd64.rpm
  bdb463f1f851819b2098ff5f0f7305ea  amd64/9.2/RPMS/telnet-server-krb5-1.3-3.4.92mdk.amd64.rpm
  003b0c283b689682d975b64cb0abb8ef  amd64/9.2/SRPMS/krb5-1.3-3.4.92mdk.src.rpm
  _______________________________________________________________________

  To upgrade automatically use MandrakeUpdate or urpmi.  The verification
  of md5 checksums and GPG signatures is performed automatically for you.

  All packages are signed by Mandrakesoft for security.  You can obtain
  the GPG public key of the Mandrakelinux Security Team by executing:

   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
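
  For packages fetched by hand rather than through MandrakeUpdate or urpmi,
  the checksum list above can be checked with a short script. This is an
  added example, not part of the Mandrakesoft advisory; the function name
  verify_against_manifest and the "advisory text saved to a file" workflow
  are assumptions. It matches on the file's basename because the listed
  paths are mirror-relative.

```shell
#!/bin/sh
# Added example (not from the advisory): compare local .rpm files with an
# advisory-style checksum list whose lines read "<md5>  <mirror path>/<file>".

# verify_against_manifest MANIFEST DIR
# Prints one status line per .rpm in DIR; returns non-zero if any file is
# absent from the manifest or its MD5 differs from every listed value.
verify_against_manifest() {
    manifest=$1
    dir=$2
    rc=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=$(basename "$f")
        # The same src.rpm is listed under several architecture directories,
        # so collect every checksum recorded for this basename.
        expected=$(awk -v n="$name" '
            NF == 2 && length($1) == 32 {
                k = split($2, parts, "/")
                if (parts[k] == n) print $1
            }' "$manifest" | sort -u)
        actual=$(md5sum "$f" | awk '{print $1}')
        if [ -z "$expected" ]; then
            printf '%-8s %s\n' UNLISTED "$name"; rc=1
        elif printf '%s\n' "$expected" | grep -qxF "$actual"; then
            printf '%-8s %s\n' OK "$name"
        else
            printf '%-8s %s\n' MISMATCH "$name"; rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use: sh verify.sh advisory.txt /path/to/downloaded/rpms
if [ "$#" -eq 2 ]; then
    verify_against_manifest "$1" "$2"
fi
```

  An MD5 match only shows the file is the one the advisory lists; package
  authenticity rests on the GPG signature, which `rpm --checksig <file>`
  checks once the key has been imported.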

  You can view other update advisories for Mandrakelinux at:

   http://www.mandrakesoft.com/security/advisories

  If you want to report vulnerabilities, please contact

   security_linux-mandrake.com

  Type Bits/KeyID     Date       User ID
  pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
   <security linux-mandrake.com>

======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================





