From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:038 - krb5
Date: Fri, 16 Aug 2002 05:51:10 +0100 (BST)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: krb5 (Kerberos)
Summary: Buffer overflow in Sun RPC XDR decoder
Date: 2002-08-16
ID: ERISA-2002:038
=========================================================================
Problem description:
XDR is a mechanism for encoding data structures for use with Sun RPC,
which allows client processes to invoke procedures in a server process
over a network.
The Kerberos 5 authentication system contains an RPC library for network
authentication, which includes a decoder for XDR derived from Sun's RPC
implementation.
Although this implementation of XDR has been demonstrated to be vulnerable
to a heap buffer overflow, it is currently believed the attacker would need
to authenticate to kadmin for this attack to succeed.
No exploit for this is currently known to exist; however, upgrading to the
updated packages is strongly recommended, as these are not vulnerable to
this issue.
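As an added illustration of the XDR decoding the advisory refers to (example code written for this page, not code from krb5 or Sun's RPC library), below is a bounds-checked decoder for an XDR variable-length array of 32-bit integers, showing the guard such a decoder needs: the element count is validated against the bytes actually present before any size arithmetic or heap allocation is done. The function names, the XDR_MAX_ELEMS cap and the sample messages are assumptions constructed for this example; the advisory does not describe the specific defect in krb5's decoder.

```c
/* Added example: bounds-checked decoder for an XDR variable-length array of
 * unsigned 32-bit integers (big-endian count followed by big-endian elements).
 * Function names and the cap are assumptions for this example, not krb5 API. */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

#define XDR_MAX_ELEMS 4096  /* policy cap chosen for this example */

static uint32_t xdr_get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decodes into a freshly malloc'd array; caller frees *out.
 * Returns the element count on success, -1 on malformed input. */
long xdr_decode_u32_array(const uint8_t *buf, size_t len, uint32_t **out) {
    if (len < 4) return -1;                       /* no room for the count */
    uint32_t count = xdr_get_u32(buf);
    size_t remaining = len - 4;
    /* Validate before multiplying: count * 4 can wrap, which is how a hostile
     * count turns into an undersized heap buffer. Comparing against the bytes
     * actually present makes the later arithmetic safe. */
    if (count > XDR_MAX_ELEMS || count > remaining / 4) return -1;
    uint32_t *arr = malloc(count ? (size_t)count * 4 : 4);
    if (!arr) return -1;
    for (uint32_t i = 0; i < count; i++)
        arr[i] = xdr_get_u32(buf + 4 + (size_t)i * 4);
    *out = arr;
    return (long)count;
}

/* Constructed sample messages: a well-formed 3-element array, and one whose
 * count field claims far more elements than the message carries. */
static const uint8_t good_msg[] = {0,0,0,3, 0,0,0,1, 0,0,1,0, 0xDE,0xAD,0xBE,0xEF};
static const uint8_t bad_msg[]  = {0xFF,0xFF,0xFF,0xFF, 0,0,0,1};

int main(void) {
    uint32_t *a = NULL;
    long n = xdr_decode_u32_array(good_msg, sizeof good_msg, &a);
    printf("good message: %ld elements\n", n);
    free(a);
    n = xdr_decode_u32_array(bad_msg, sizeof bad_msg, &a);
    printf("bad message: %s\n", n < 0 ? "rejected" : "accepted");
    return 0;
}
```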
-------------------------------------------------------------------------
Updated packages:
38ef2da7e43521b0a3a58b904e8f4b1e krb5-1.2.2-14.src.rpm
034a269c2967c39cee15b9d2788c6652 krb5-devel-1.2.2-14.i386.rpm
6d2ed6f572078406f59beb4e64ae2d82 krb5-libs-1.2.2-14.i386.rpm
9333f093834f269ce7ebb4c8378c1765 krb5-server-1.2.2-14.i386.rpm
b65d5f5e32de4f974b60eab2fcf2f6ac krb5-workstation-1.2.2-14.i386.rpm
-------------------------------------------------------------------------
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0391
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.