Lucene search

DebianDEBIAN:DSA-2031-1:DFCC6

HistoryApr 11, 2010 - 8:43 a.m.

[SECURITY] [DSA 2031-1] New krb5 packages fix denial of service

2010-04-1108:43:03

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

78.6%

JSON

Debian Security Advisory DSA-2031-1 [email protected]
http://www.debian.org/security/ Giuseppe Iuculano
April 11, 2010 http://www.debian.org/security/faq

Package : krb5
Vulnerability : use-after-free
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-0629
Debian Bug : 567052

Sol Jerome discovered that kadmind service in krb5, a system for authenticating
users and services on a network, allows remote authenticated users to cause a
denial of service (daemon crash) via a request from a kadmin client that sends
an invalid API version number.

For the stable distribution (lenny), this problem has been fixed in
version 1.6.dfsg.4~beta1-5lenny3.

The testing distribution (squeeze), and the unstable distribution (sid) are
not affected by this issue.

We recommend that you upgrade your krb5 package.

Upgrade instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny3.dsc
Size/MD5 checksum: 1537 5e303b1137773a3151e3c32c3e711707
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz
Size/MD5 checksum: 11647547 08d6ce311204803acbe878ef0bb23c71
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny3.diff.gz
Size/MD5 checksum: 852374 02717d2cea45f186eb05cd196d8035ac

Architecture independent packages:

http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5lenny3_all.deb
Size/MD5 checksum: 2149738 7d91c163fb39f13e4bb9371d6700ec34

alpha architecture (DEC Alpha)

amd64 architecture (AMD x86_64 (AMD64))

arm architecture (ARM)

armel architecture (ARM EABI)

hppa architecture (HP PA RISC)

i386 architecture (Intel ia32)

ia64 architecture (Intel ia64)

mipsel architecture (MIPS (Little Endian))

powerpc architecture (PowerPC)

s390 architecture (IBM S/390)

sparc architecture (Sun SPARC/UltraSPARC)

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

OSVersionArchitecturePackageVersionFilename
Debian5powerpclibkrb53< 1.6.dfsg.4~beta1-5lenny3libkrb53_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
Debian5sparclibkrb5-dev< 1.6.dfsg.4~beta1-5lenny3libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_sparc.deb
Debian5powerpckrb5-telnetd< 1.6.dfsg.4~beta1-5lenny3krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
Debian5armkrb5-kdc-ldap< 1.6.dfsg.4~beta1-5lenny3krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_arm.deb
Debian5ia64krb5-kdc-ldap< 1.6.dfsg.4~beta1-5lenny3krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_ia64.deb
Debian5armelkrb5-user< 1.6.dfsg.4~beta1-5lenny3krb5-user_1.6.dfsg.4~beta1-5lenny3_armel.deb
Debian5sparckrb5-ftpd< 1.6.dfsg.4~beta1-5lenny3krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_sparc.deb
Debian5powerpckrb5-kdc-ldap< 1.6.dfsg.4~beta1-5lenny3krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
Debian5ia64libkrb53< 1.6.dfsg.4~beta1-5lenny3libkrb53_1.6.dfsg.4~beta1-5lenny3_ia64.deb
Debian5powerpckrb5-pkinit< 1.6.dfsg.4~beta1-5lenny3krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	powerpc	libkrb53	< 1.6.dfsg.4~beta1-5lenny3	libkrb53_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
Debian	5	sparc	libkrb5-dev	< 1.6.dfsg.4~beta1-5lenny3	libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_sparc.deb
Debian	5	powerpc	krb5-telnetd	< 1.6.dfsg.4~beta1-5lenny3	krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
Debian	5	arm	krb5-kdc-ldap	< 1.6.dfsg.4~beta1-5lenny3	krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_arm.deb
Debian	5	ia64	krb5-kdc-ldap	< 1.6.dfsg.4~beta1-5lenny3	krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_ia64.deb
Debian	5	armel	krb5-user	< 1.6.dfsg.4~beta1-5lenny3	krb5-user_1.6.dfsg.4~beta1-5lenny3_armel.deb
Debian	5	sparc	krb5-ftpd	< 1.6.dfsg.4~beta1-5lenny3	krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_sparc.deb
Debian	5	powerpc	krb5-kdc-ldap	< 1.6.dfsg.4~beta1-5lenny3	krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
Debian	5	ia64	libkrb53	< 1.6.dfsg.4~beta1-5lenny3	libkrb53_1.6.dfsg.4~beta1-5lenny3_ia64.deb
Debian	5	powerpc	krb5-pkinit	< 1.6.dfsg.4~beta1-5lenny3	krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_powerpc.deb