The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of MIT krb5: several vulnerabilities

Synthesis of the vulnerability 

Four vulnerabilities of MIT krb5 can be used by an attacker to create a denial of service and possibly to execute code.
Impacted software: Debian, Fedora, HP-UX, Mandriva Linux, Mandriva NF, MIT krb5, OpenSolaris, openSUSE, Solaris, RHEL, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity of this computer vulnerability: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 08/04/2009.
References of this bulletin: 256728, 6822062, 6822066, BID-34257, BID-34408, BID-34409, c01717795, CERTA-2009-AVI-133, CERTA-2009-AVI-270, CERTA-2009-AVI-428, CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, DSA-1766-1, FEDORA-2009-2834, FEDORA-2009-2852, HPSBUX02421, MDVSA-2009:098, MDVSA-2009:098-1, MDVSA-2010:005, MITKRB5-SA-2009-001, MITKRB5-SA-2009-002, RHSA-2009:0409-01, RHSA-2009:0410-01, SSRT090047, SUSE-SA:2009:019, VIGILANCE-VUL-8608, VMSA-2009-0008, VMSA-2009-0008.1, VMSA-2009-0008.2, VMSA-2010-0016, VMSA-2010-0016.1, VU#662091.

Description of the vulnerability 

Four vulnerabilities were announced in MIT krb5.

An attacker can use a SPNEGO authentication in order to stop MIT Kerberos via an invalid read. [severity:2/4; BID-34408, CERTA-2009-AVI-133, CVE-2009-0844, MITKRB5-SA-2009-001]

An attacker can use a SPNEGO authentication in order to stop MIT Kerberos via a NULL pointer (VIGILANCE-VUL-8568). [severity:2/4; BID-34257, BID-34408, CVE-2009-0845, MITKRB5-SA-2009-001]

The size of ASN.1 data is not correctly checked, which stops the KDC or kinit. [severity:1/4; BID-34408, CVE-2009-0847, MITKRB5-SA-2009-001]

The "GeneralizedTime" ASN.1 type stores a date. The asn1_decode_generaltime() function can free an uninitialized memory area. This error corrupts the memory and leads to a denial of service and possibly to code execution. [severity:3/4; BID-34409, CERTA-2009-AVI-270, CERTA-2009-AVI-428, CVE-2009-0846, MITKRB5-SA-2009-002]

An attacker can therefore use them to create a denial of service and possibly to execute code.
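
The defect class described above for asn1_decode_generaltime() (freeing a pointer that was never initialized), shown as a hardened decoder pattern. This is an added illustration, not MIT krb5 code and not the content of the advisory patches; the names decode_generaltime, copy_content and GT_* are hypothetical, and the sketch assumes the 15-character "YYYYMMDDHHMMSSZ" form of GeneralizedTime and checks syntax only.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define GT_LEN 15   /* assumed layout: "YYYYMMDDHHMMSSZ" */
enum { GT_OK = 0, GT_BAD_LENGTH = -1, GT_BAD_FORMAT = -2, GT_NOMEM = -3 };

/* Hypothetical helper: copy len content bytes into a fresh NUL-terminated
 * buffer. *out is set to NULL first, so it is never left indeterminate,
 * even when the allocation fails. */
static int copy_content(const unsigned char *p, size_t len, char **out)
{
    *out = NULL;
    char *s = malloc(len + 1);
    if (s == NULL)
        return GT_NOMEM;
    memcpy(s, p, len);
    s[len] = '\0';
    *out = s;
    return GT_OK;
}

static int two(const char *s) { return (s[0] - '0') * 10 + (s[1] - '0'); }

/* Decode GeneralizedTime content octets into
 * f[] = { year, month, day, hour, minute, second }. */
int decode_generaltime(const unsigned char *p, size_t len, int f[6])
{
    char *s = NULL;            /* initialized: free(NULL) is a no-op */
    int ret;

    if (len != GT_LEN)         /* reject before anything is allocated */
        return GT_BAD_LENGTH;
    ret = copy_content(p, len, &s);
    if (ret != GT_OK)
        goto done;
    ret = GT_BAD_FORMAT;
    if (s[GT_LEN - 1] != 'Z')
        goto done;
    for (int i = 0; i < GT_LEN - 1; i++)
        if (!isdigit((unsigned char)s[i]))
            goto done;
    f[0] = two(s) * 100 + two(s + 2);
    for (int i = 1; i < 6; i++)
        f[i] = two(s + 2 + 2 * i);
    ret = GT_OK;
done:
    free(s);                   /* single exit: s is NULL or a live buffer */
    return ret;
}
```

Every error path reaches free() with a pointer that is either NULL or owned by this function, which is the property the vulnerable code path lacked.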

This weakness alert impacts software or systems such as Debian, Fedora, HP-UX, Mandriva Linux, Mandriva NF, MIT krb5, OpenSolaris, openSUSE, Solaris, RHEL, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.

Our Vigil@nce team determined that the severity of this computer vulnerability note is important.

The trust level is: confirmed by the vendor, with an origin of intranet client.

This bulletin is about 4 vulnerabilities.

An attacker with an expert ability can exploit this security bulletin.

Solutions for this threat 

MIT krb5: version 1.7.
Version 1.7 is corrected:
  http://web.mit.edu/Kerberos/krb5-1.7/

MIT krb5: patch.
A patch is available:
  http://web.mit.edu/kerberos/advisories/2009-001-patch.txt
  http://web.mit.edu/kerberos/advisories/2009-002-patch.txt
Versions krb5-1.7 and krb5-1.6.4 will be corrected.

Debian: new krb5 packages.
New packages are available:
  http://security.debian.org/pool/updates/main/k/krb5/*_1.4.4-7etch7_*.deb
  http://security.debian.org/pool/updates/main/k/krb5/*_1.6.dfsg.4~beta1-5lenny1_*.deb

Fedora: new krb5 packages.
New packages are available:
  krb5-1.6.3-16.fc9
  krb5-1.6.3-18.fc10

HP-UX: solution for Kerberos.
The following versions are corrected:
HP-UX B.11.11:
  krb5client: C.1.3.5.09 (http://software.hp.com/)
  KRB5-Client: PHSS_39774 (http://itrc.hp.com/)
HP-UX B.11.23:
  krb5client: D.1.6.2.01
  KRB5-Client: PHSS_39765
HP-UX B.11.31:
  krb5client: E.1.6.2.03
  KRB5-Client: PHSS_39766

Mandriva 2008.0: new krb5 packages.
New packages are available:
  krb5-1.6.2-7.3mdv2008.0

Mandriva: new krb5 packages.
New packages are available:
  Mandriva Linux 2008.1: krb5-1.6.3-6.2mdv2008.1
  Mandriva Linux 2009.0: krb5-1.6.3-6.2mdv2009.0
  Corporate 3.0: krb5-1.3-6.11.C30mdk
  Corporate 4.0: krb5-1.4.3-5.7.20060mlcs4
  Multi Network Firewall 2.0: krb5-1.3-6.11.M20mdk

RHEL 2.1, 3: new krb5 packages.
New packages are available:
  Red Hat Enterprise Linux version 2.1: krb5-1.2.2-49
  Red Hat Enterprise Linux version 3: krb5-1.2.7-70

RHEL 4: new krb5 packages.
New packages are available:
  krb5-1.3.4-60.el4_7.2

RHEL 5: new krb5 packages.
New packages are available:
  krb5-1.6.1-31.el5_3.3

Solaris: patch and workaround for Kerberos.
IDRs are available:
  SPARC Platform
    SEAM (Sun Enterprise Authentication Mechanism) 1.0.1 (Solaris 8) : 112237-17
    SEAM (Sun Enterprise Authentication Mechanism) 1.0.1 Supplemental (Solaris 8) : 112390-15
    Solaris 9 : 112908-36
    Solaris 10 : 140074-08
    OpenSolaris : build snv_116
  x86 Platform
    SEAM (Sun Enterprise Authentication Mechanism) 1.0.1 (Solaris 8) : 112238-16
    SEAM (Sun Enterprise Authentication Mechanism) 1.0.1 Supplemental (Solaris 8) : 112240-14
    Solaris 9 : 115168-21
    Solaris 10 : 140130-09
    OpenSolaris : build snv_116
A workaround is to disable Kerberos.

SUSE: new krb5 packages.
New packages are available:
openSUSE 11.1:
  krb5-1.6.3-132.3.1
  krb5-1.6.3-132.5.1
   
openSUSE 11.0:
  krb5-1.6.3-50.3
  krb5-1.6.3-50.5
   
openSUSE 10.3:
  krb5-1.6.2-22.7
  krb5-1.6.2-22.9

VMware ESX, ESXi: patch for Service Console and Likewise.
A patch is available:
ESX 4.0 :
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-257-20101231-664659/ESX400-201101001.zip
  http://kb.vmware.com/kb/1029426
ESX 4.1 :
  http://bit.ly/a3Ffw8
  http://kb.vmware.com/kb/1027027
ESXi 4.1 :
  http://bit.ly/bb3xjV
  http://kb.vmware.com/kb/1027753

VMware: new krb5 packages.
New packages are available:
ESX 2.5.5 Upgrade Patch 14
  http://download3.vmware.com/software/esx/esx-2.5.5-184659-upgrade.tar.gz
  md5sum: 8bf0a6a1e8b43ccb401f3a604c3be363
  http://www.vmware.com/support/esx25/doc/esx-255-200908-patch.html
ESX 3.0.3 ESX303-200908403-SG
  http://download3.vmware.com/software/vi/ESX303-200908403-SG.zip
  md5sum: ace271a5d64bc575965c41c11612f265
  http://kb.vmware.com/kb/1013189
ESX 3.5.0 ESX350-200906407-SG
  http://download3.vmware.com/software/vi/ESX350-200906407-SG.zip
  md5sum: 6b8079430b0958abbf77e944a677ac6b
  http://kb.vmware.com/kb/1011801
ESX 4.0 ESX400-200906001
  [VMware used TinyURL]
  http://tinyurl.com/ncfu5s
  md5sum:cab549922f3429b236633c0e81351cde
  sha1sum:aff76554ec5ee3c915eb4eac02e62c131163059a