AXSA:2020-4695:01

Release date: 
Tuesday, April 7, 2020 - 11:46
Subject: 
krb5-appl-1.0.1-10.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The krb5-appl packages contain Kerberos-aware versions of the telnet, ftp, rsh, and rlogin clients and servers. Kerberos is a network authentication system that allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).

Security Fix(es):

* telnet-server: missing bounds checks in the nextitem() function allow remote execution of arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-10188
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. krb5-appl-1.0.1-10.AXS4.src.rpm
    MD5: bb27feebfb37b0c3d22256edcb5815da
    SHA-256: f36ab959a633e0134dc76785e4c80bad461cca62428de37a23a83c2fbde33d39
    Size: 727.46 kB

Asianux Server 4 for x86
  1. krb5-appl-clients-1.0.1-10.AXS4.i686.rpm
    MD5: 9b3cde488833a3db4a420bdc8f708643
    SHA-256: c05a7dedd18e1f82897d5794cf4aa4f5033f24768a19067984e8ae3d8474699c
    Size: 224.20 kB
  2. krb5-appl-servers-1.0.1-10.AXS4.i686.rpm
    MD5: c29791f1da2182122bb038b9c4fbc4d7
    SHA-256: d378205d80e9cfc2dc28603d27caf642528a2596555729d60540b2ddb27b6b1e
    Size: 200.09 kB

Asianux Server 4 for x86_64
  1. krb5-appl-clients-1.0.1-10.AXS4.x86_64.rpm
    MD5: e15a9a2e2f8c14026011087385db852f
    SHA-256: 9c29d0cb1c948cd170e1b73441870140baaf436064dd7ae0180afe5e8de02e86
    Size: 228.66 kB
  2. krb5-appl-servers-1.0.1-10.AXS4.x86_64.rpm
    MD5: 2c80614c17d8848d05261f89e2170318
    SHA-256: 1fe1d15d45faf436241ac06e0082cc6d11127ebec9b05b270333f3f4a5a6049a
    Size: 202.49 kB