82961 – krb5 < 1.2.5 vulnerable to multiple attacks

Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.

Bug 82961 - krb5 < 1.2.5 vulnerable to multiple attacks

Summary: krb5 < 1.2.5 vulnerable to multiple attacks

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	krb5
Sub Component:
Version:	7.3
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Brian Brock
Docs Contact:
URL:	http://online.securityfocus.com/archi...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2003-01-28 23:57 UTC by Seth Vidal
Modified:	2007-03-27 04:00 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-04-23 10:36:01 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Seth Vidal 2003-01-28 23:57:13 UTC

Description of problem: According to the included URL krb5's kdc <1.2.5 is
vulnerable to multiple attacks.

Are there patches and/or errata in the queue for release?

would a rebuild of srpms from 8.0 work on 7.3?



thanks
-sv

Comment 1 Mark J. Cox 2003-02-06 11:23:32 UTC

Only the following two of the four listed vulnerabilities apply to Red Hat Linux
7.3:

An integer signedness error in the ASN.1 decoder before version 1.2.5
allows remote attackers to cause a denial of service via a large unsigned
data element length, which is later used as a negative value. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0036
to this issue. Red Hat Linux 8.0 and later is not affected by this issue.

The Key Distribution Center (KDC) before version 1.2.5 allows remote,
authenticated, attackers to cause a denial of service (crash) on KDCs
within the same realm via a certain protocol request that causes a null
dereference. The Common Vulnerabilities and Exposures project has assigned
the name CAN-2003-0058 to this issue. Red Hat Linux 8.0 and later is not
affected by this issue.

An advisory containing backported patches for these issues is being worked on

Comment 2 Mark J. Cox 2003-04-23 10:36:01 UTC

These and other issues were fixed by errata
http://rhn.redhat.com/errata/RHSA-2003-051.html
out on Mar26

Note You need to log in before you can comment on or make changes to this bug.