SUSE-SU-2015:0257-1

Published: 06 Feb 2015
Source: suse-cvrf

Description

Security update for krb5

krb5 has been updated to fix four security issues:

* CVE-2014-5352: gss_process_context_token() incorrectly frees context (bsc#912002)
* CVE-2014-9421: kadmind doubly frees partial deserialization results (bsc#912002)
* CVE-2014-9422: kadmind incorrectly validates server principal name (bsc#912002)
* CVE-2014-9423: libgssrpc server applications leak uninitialized bytes (bsc#912002)

Additionally, these non-security issues have been fixed:

* Winbind process hangs indefinitely without DC. (bsc#872912)
* Hanging winbind processes. (bsc#906557)

Security Issues:

* CVE-2014-5352 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352>
* CVE-2014-9421 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421>
* CVE-2014-9422 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422>
* CVE-2014-9423 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423>

Package list

SUSE Linux Enterprise Desktop 11 SP3
krb5-1.6.3-133.49.66.1
krb5-32bit-1.6.3-133.49.66.1
krb5-client-1.6.3-133.49.66.1
SUSE Linux Enterprise Server 11 SP3
krb5-1.6.3-133.49.66.1
krb5-32bit-1.6.3-133.49.66.1
krb5-apps-clients-1.6.3-133.49.66.1
krb5-apps-servers-1.6.3-133.49.66.1
krb5-client-1.6.3-133.49.66.1
krb5-doc-1.6.3-133.49.66.1
krb5-plugin-kdb-ldap-1.6.3-133.49.66.1
krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1
krb5-server-1.6.3-133.49.66.1
krb5-x86-1.6.3-133.49.66.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
krb5-1.6.3-133.49.66.1
krb5-32bit-1.6.3-133.49.66.1
krb5-apps-clients-1.6.3-133.49.66.1
krb5-apps-servers-1.6.3-133.49.66.1
krb5-client-1.6.3-133.49.66.1
krb5-doc-1.6.3-133.49.66.1
krb5-plugin-kdb-ldap-1.6.3-133.49.66.1
krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1
krb5-server-1.6.3-133.49.66.1
krb5-x86-1.6.3-133.49.66.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
krb5-1.6.3-133.49.66.1
krb5-32bit-1.6.3-133.49.66.1
krb5-apps-clients-1.6.3-133.49.66.1
krb5-apps-servers-1.6.3-133.49.66.1
krb5-client-1.6.3-133.49.66.1
krb5-doc-1.6.3-133.49.66.1
krb5-plugin-kdb-ldap-1.6.3-133.49.66.1
krb5-plugin-preauth-pkinit-1.6.3-133.49.66.1
krb5-server-1.6.3-133.49.66.1
krb5-x86-1.6.3-133.49.66.1
SUSE Linux Enterprise Software Development Kit 11 SP3
krb5-devel-1.6.3-133.49.66.1
krb5-devel-32bit-1.6.3-133.49.66.1
krb5-server-1.6.3-133.49.66.1

Description

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:krb5-1.6.3-133.49.66.1
SUSE Linux Enterprise Desktop 11 SP3:krb5-32bit-1.6.3-133.49.66.1
SUSE Linux Enterprise Desktop 11 SP3:krb5-client-1.6.3-133.49.66.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:krb5-1.6.3-133.49.66.1

Description

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:krb5-1.6.3-133.49.66.1
SUSE Linux Enterprise Desktop 11 SP3:krb5-32bit-1.6.3-133.49.66.1
SUSE Linux Enterprise Desktop 11 SP3:krb5-client-1.6.3-133.49.66.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:krb5-1.6.3-133.49.66.1

Description

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:krb5-1.6.3-133.49.66.1
SUSE Linux Enterprise Desktop 11 SP3:krb5-32bit-1.6.3-133.49.66.1
SUSE Linux Enterprise Desktop 11 SP3:krb5-client-1.6.3-133.49.66.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:krb5-1.6.3-133.49.66.1

Description

The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:krb5-1.6.3-133.49.66.1
SUSE Linux Enterprise Desktop 11 SP3:krb5-32bit-1.6.3-133.49.66.1
SUSE Linux Enterprise Desktop 11 SP3:krb5-client-1.6.3-133.49.66.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:krb5-1.6.3-133.49.66.1

References
Vulnerability SUSE-SU-2015:0257-1