-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:245
http://www.mandriva.com/security/
_______________________________________________________________________

Package : krb5
Date    : November 30, 2010
Affected: 2009.0, 2010.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered and corrected in krb5:

An unauthenticated remote attacker could alter a SAM-2 challenge,
affecting the prompt text seen by the user or the kind of response
sent to the KDC. Under some circumstances, this can negate the
incremental security benefit of using a single-use authentication
mechanism token. An unauthenticated remote attacker has a 1/256
chance of forging KRB-SAFE messages in an application protocol if the
targeted pre-existing session uses an RC4 session key. Few application
protocols use KRB-SAFE messages (CVE-2010-1323).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
ed005ce6d0a31c2c028b38290d2d23f7  2009.0/i586/ftp-client-krb5-1.6.3-6.6mdv2009.0.i586.rpm
b0d610dd1dd4be2658b3c3a08dcc31aa  2009.0/i586/ftp-server-krb5-1.6.3-6.6mdv2009.0.i586.rpm
791006917acdcb397c9e7689770d7c36  2009.0/i586/krb5-1.6.3-6.6mdv2009.0.i586.rpm
cb7d7518d360b46eb083039f1feee340  2009.0/i586/krb5-server-1.6.3-6.6mdv2009.0.i586.rpm
b1749fbde829029d688fde290ee1954a  2009.0/i586/krb5-workstation-1.6.3-6.6mdv2009.0.i586.rpm
99bccc78bdb574f3189d3f9880638105  2009.0/i586/libkrb53-1.6.3-6.6mdv2009.0.i586.rpm
1b21f740d4502b04ba092b450876469d  2009.0/i586/libkrb53-devel-1.6.3-6.6mdv2009.0.i586.rpm
f87d10751e70f02b709c82d755db019e  2009.0/i586/telnet-client-krb5-1.6.3-6.6mdv2009.0.i586.rpm
248584468c20980a30cbaa1f2172d93d  2009.0/i586/telnet-server-krb5-1.6.3-6.6mdv2009.0.i586.rpm
279bbdbf0c611000e9295897aac21c62  2009.0/SRPMS/krb5-1.6.3-6.6mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
89ad30c1c76ab4992c891ce6eb34716f  2009.0/x86_64/ftp-client-krb5-1.6.3-6.6mdv2009.0.x86_64.rpm
cdba6d2b6cd019ecc6881be5275091af  2009.0/x86_64/ftp-server-krb5-1.6.3-6.6mdv2009.0.x86_64.rpm
4be4ed11da0e9593861116f7f2cbb49f  2009.0/x86_64/krb5-1.6.3-6.6mdv2009.0.x86_64.rpm
e351b352e276d4ea44cca84e1e7e6c74  2009.0/x86_64/krb5-server-1.6.3-6.6mdv2009.0.x86_64.rpm
d6781f21f0a0c954510a3855f7075d74  2009.0/x86_64/krb5-workstation-1.6.3-6.6mdv2009.0.x86_64.rpm
151dec2c24b9ff1e608f2cd1daa1042e  2009.0/x86_64/lib64krb53-1.6.3-6.6mdv2009.0.x86_64.rpm
c9c041aa74f5114ccbb1ad728abd98d9  2009.0/x86_64/lib64krb53-devel-1.6.3-6.6mdv2009.0.x86_64.rpm
6018f8c6a827bd917700bfd9fb16aa63  2009.0/x86_64/telnet-client-krb5-1.6.3-6.6mdv2009.0.x86_64.rpm
f09f8fabb70fd09f4b6be10cfc97f647  2009.0/x86_64/telnet-server-krb5-1.6.3-6.6mdv2009.0.x86_64.rpm
279bbdbf0c611000e9295897aac21c62  2009.0/SRPMS/krb5-1.6.3-6.6mdv2009.0.src.rpm

Mandriva Linux 2010.0:
87781c261341cfa333bfbaa67886d3f5  2010.0/i586/ftp-client-krb5-1.6.3-10.4mdv2010.0.i586.rpm
e2e72dcbc91a2eb01bcf9ef618861672  2010.0/i586/ftp-server-krb5-1.6.3-10.4mdv2010.0.i586.rpm
6f8be2e3c308af75a82cf37be72a0ac5  2010.0/i586/krb5-1.6.3-10.4mdv2010.0.i586.rpm
fdb3c95ad58aff10a70009368c4ce683  2010.0/i586/krb5-server-1.6.3-10.4mdv2010.0.i586.rpm
5f346e92394af1d6f801d53024247575  2010.0/i586/krb5-workstation-1.6.3-10.4mdv2010.0.i586.rpm
f02253d397b5ea221af118e576af6114  2010.0/i586/libkrb53-1.6.3-10.4mdv2010.0.i586.rpm
4f837b840be0655ab513fcf8054aee3d  2010.0/i586/libkrb53-devel-1.6.3-10.4mdv2010.0.i586.rpm
dd4b4c5c204a6f53e2a074b83d95f6fe  2010.0/i586/telnet-client-krb5-1.6.3-10.4mdv2010.0.i586.rpm
d9f470d10eb7f7dc5838d2b42e09e2bf  2010.0/i586/telnet-server-krb5-1.6.3-10.4mdv2010.0.i586.rpm
155600292f04d42d823e543c67c6820e  2010.0/SRPMS/krb5-1.6.3-10.4mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
a98a5d9be4ec2f8ce8cbc1e529f01a18  2010.0/x86_64/ftp-client-krb5-1.6.3-10.4mdv2010.0.x86_64.rpm
1c37919f956303ccdb0367b5099dce95  2010.0/x86_64/ftp-server-krb5-1.6.3-10.4mdv2010.0.x86_64.rpm
e1fa476906a1c39fea82af54e5ef46ea  2010.0/x86_64/krb5-1.6.3-10.4mdv2010.0.x86_64.rpm
5fae3c064f42ac15c3d76b62ed1d31a8  2010.0/x86_64/krb5-server-1.6.3-10.4mdv2010.0.x86_64.rpm
16ec6abe879d88f2e64d602979d68251  2010.0/x86_64/krb5-workstation-1.6.3-10.4mdv2010.0.x86_64.rpm
0fa9d14d9b6a0ca3bcba6ced67d80974  2010.0/x86_64/lib64krb53-1.6.3-10.4mdv2010.0.x86_64.rpm
6ba4fda406959d55a34ba1e3f2663ae6  2010.0/x86_64/lib64krb53-devel-1.6.3-10.4mdv2010.0.x86_64.rpm
c74854e156d72aaf6eb0cc4f6e9839dd  2010.0/x86_64/telnet-client-krb5-1.6.3-10.4mdv2010.0.x86_64.rpm
ae0c89a59476046c9f59e2a6b18dcb57  2010.0/x86_64/telnet-server-krb5-1.6.3-10.4mdv2010.0.x86_64.rpm
155600292f04d42d823e543c67c6820e  2010.0/SRPMS/krb5-1.6.3-10.4mdv2010.0.src.rpm

Corporate 4.0:
dec2633783c4b665b92ad399b9a51660  corporate/4.0/i586/ftp-client-krb5-1.4.3-5.10.20060mlcs4.i586.rpm
380be1fc294337f204641917774b70df  corporate/4.0/i586/ftp-server-krb5-1.4.3-5.10.20060mlcs4.i586.rpm
114bc5ea49aef4326cd0794637a87c17  corporate/4.0/i586/krb5-server-1.4.3-5.10.20060mlcs4.i586.rpm
33373aa43ace9fe599e1048878cca829  corporate/4.0/i586/krb5-workstation-1.4.3-5.10.20060mlcs4.i586.rpm
7d4f74b48d73c0bca75a0f72bcc0921a  corporate/4.0/i586/libkrb53-1.4.3-5.10.20060mlcs4.i586.rpm
289e9317d9a3d690bba2a6a0caf759f4  corporate/4.0/i586/libkrb53-devel-1.4.3-5.10.20060mlcs4.i586.rpm
363af388e65141a65565fa486943546e  corporate/4.0/i586/telnet-client-krb5-1.4.3-5.10.20060mlcs4.i586.rpm
b5cd78bb4a17d65c55c0f65080b2506a  corporate/4.0/i586/telnet-server-krb5-1.4.3-5.10.20060mlcs4.i586.rpm
391a77d92c277bbeb019c929d90a467c  corporate/4.0/SRPMS/krb5-1.4.3-5.10.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
8167696ba48bb72abb4139a21ea28124  corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.10.20060mlcs4.x86_64.rpm
fbe0e8826e8d9de4219c4fe6d8522869  corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.10.20060mlcs4.x86_64.rpm
6a78b2837dceb16aa2b89c1b1e37a141  corporate/4.0/x86_64/krb5-server-1.4.3-5.10.20060mlcs4.x86_64.rpm
a614abee8d842b32ae7e77f12a5cb5e8  corporate/4.0/x86_64/krb5-workstation-1.4.3-5.10.20060mlcs4.x86_64.rpm
8454424927b830e424fc2005353d90ee  corporate/4.0/x86_64/lib64krb53-1.4.3-5.10.20060mlcs4.x86_64.rpm
a145126429abd891937c02d515381cc1  corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.10.20060mlcs4.x86_64.rpm
c637967bef7c5841aa9450ff6e94309e  corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.10.20060mlcs4.x86_64.rpm
5cf49d35408a884e297dca2f823ca3ec  corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.10.20060mlcs4.x86_64.rpm
391a77d92c277bbeb019c929d90a467c  corporate/4.0/SRPMS/krb5-1.4.3-5.10.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.
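For anyone fetching the RPMs by hand instead of through MandrivaUpdate or urpmi, the following script is an added example (not Mandriva's tooling) of the checksum step those tools perform for you: it parses the "Updated Packages" listing in the format used above and compares each downloaded file against the published md5. The embedded excerpt is a constructed subset of the listing with checksums and paths copied from this advisory; the download directory layout (mirroring the relative paths in the listing), the `local/known-good.rpm` entry and the stand-in file contents in `demo()` are assumptions for the demonstration. A file reported as MISMATCH is not the package Mandriva published and should not be installed.

```python
"""Offline check of downloaded update RPMs against the md5 checksums published in
MDVSA-2010:245. Added example, not Mandriva's tooling; MandrivaUpdate/urpmi do this
(plus GPG signature verification) automatically."""
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed input: a subset of the advisory's "Updated Packages" listing, with the
# checksums and paths copied from the advisory text.
ADVISORY_EXCERPT = """\
Updated Packages:

Mandriva Linux 2009.0:
791006917acdcb397c9e7689770d7c36  2009.0/i586/krb5-1.6.3-6.6mdv2009.0.i586.rpm
cb7d7518d360b46eb083039f1feee340  2009.0/i586/krb5-server-1.6.3-6.6mdv2009.0.i586.rpm
279bbdbf0c611000e9295897aac21c62  2009.0/SRPMS/krb5-1.6.3-6.6mdv2009.0.src.rpm

Mandriva Linux 2010.0:
6f8be2e3c308af75a82cf37be72a0ac5  2010.0/i586/krb5-1.6.3-10.4mdv2010.0.i586.rpm
155600292f04d42d823e543c67c6820e  2010.0/SRPMS/krb5-1.6.3-10.4mdv2010.0.src.rpm
"""

# One checksum line: 32 hex digits, whitespace, relative path of an .rpm
LINE_RE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")
# A distribution header such as "Mandriva Linux 2009.0/X86_64:"
HEADER_RE = re.compile(r"^\s*(.+?):\s*$")


def parse_package_list(text):
    """Map each listed RPM path to (expected_md5, distribution header it appears under)."""
    entries = {}
    distro = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            md5_hex, rel_path = m.groups()
            entries[rel_path] = (md5_hex, distro)
            continue
        h = HEADER_RE.match(line)
        if h and h.group(1) != "Updated Packages":
            distro = h.group(1)
    return entries


def md5_of_file(path, chunk_size=1 << 16):
    """Stream the file through md5 so large RPMs are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_downloads(entries, download_dir):
    """Return {rel_path: 'ok' | 'MISMATCH' | 'missing'} for every advisory entry.

    MISMATCH means the local file is not the package Mandriva published (corrupt
    download or tampered mirror) and must not be installed."""
    results = {}
    for rel_path, (expected, _distro) in entries.items():
        local = Path(download_dir) / rel_path
        if not local.is_file():
            results[rel_path] = "missing"
        elif md5_of_file(local) == expected:
            results[rel_path] = "ok"
        else:
            results[rel_path] = "MISMATCH"
    return results


def demo():
    """Constructed run with no real RPMs: a stand-in file under an advisory path fails
    the checksum (MISMATCH), the other listed packages are absent (missing), and a
    hypothetical extra file whose checksum was computed locally passes (ok)."""
    entries = parse_package_list(ADVISORY_EXCERPT)
    with tempfile.TemporaryDirectory() as tmp:
        fake = Path(tmp) / "2009.0/i586/krb5-1.6.3-6.6mdv2009.0.i586.rpm"
        fake.parent.mkdir(parents=True)
        fake.write_bytes(b"not the published package")  # constructed content
        good = Path(tmp) / "local/known-good.rpm"       # hypothetical extra entry
        good.parent.mkdir(parents=True)
        good.write_bytes(b"abc")
        entries["local/known-good.rpm"] = (hashlib.md5(b"abc").hexdigest(), "constructed")
        return verify_downloads(entries, tmp)


if __name__ == "__main__":
    for rel_path, status in sorted(demo().items()):
        print(f"{status:8} {rel_path}")
```

In practice you would paste the whole "Updated Packages" section into `ADVISORY_EXCERPT` (or read the advisory file) and point `verify_downloads` at the directory holding the mirrored `2009.0/...`, `2010.0/...` and `corporate/4.0/...` trees; the md5 check is only the integrity half of what urpmi does, and the GPG signature check against the Mandriva Security Team key described below is still required to establish who published the packages.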
The verification of md5 checksums and GPG signatures is performed
automatically for you. All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM9XQTmqjQ0CJFipgRAnOaAJwIYhVA9gWRrDzj2mE5gDDWtjtYiwCg6XtA
oYFGcxfeSST1fNaz2CepxeY=
=FXu1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/