Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0527-1

Опубликовано: 19 фев. 2021
Источник: suse-cvrf

Описание

Security update for krb5-appl

This update for krb5-appl fixes the following issues:

  • CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109).
  • CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109).

Список пакетов

HPE Helion OpenStack 8
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP2-BCL
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP2-LTSS
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP3-BCL
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP3-LTSS
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP4-LTSS
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP5
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE OpenStack Cloud 7
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE OpenStack Cloud 8
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE OpenStack Cloud 9
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE OpenStack Cloud Crowbar 8
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1
SUSE OpenStack Cloud Crowbar 9
krb5-appl-clients-1.0.3-3.6.1
krb5-appl-servers-1.0.3-3.6.1

Ссылки

Описание

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

Затронутые продукты
HPE Helion OpenStack 8:krb5-appl-clients-1.0.3-3.6.1
HPE Helion OpenStack 8:krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-clients-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-servers-1.0.3-3.6.1
Ссылки

Описание

In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

Затронутые продукты
HPE Helion OpenStack 8:krb5-appl-clients-1.0.3-3.6.1
HPE Helion OpenStack 8:krb5-appl-servers-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-clients-1.0.3-3.6.1
SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-servers-1.0.3-3.6.1
Ссылки
Уязвимость SUSE-SU-2021:0527-1