krb5-1.10.3-37.AXS4
エラータID: AXSA:2015-113:01
Release date:
Wednesday, April 15, 2015 - 19:23
Subject:
krb5-1.10.3-37.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
Description:
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form.
Solution:
Update package.
CVEs:
CVE-2014-5352
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.
CVE-2014-5353
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
CVE-2014-5355
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
CVE-2014-9421
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.
CVE-2014-9422
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
Additional Info:
N/A
Download:
SRPMS
- krb5-1.10.3-37.AXS4.src.rpm
MD5: 2f185545c351da29170a4c81708581c4
SHA-256: 438dc411018c72140c8c2b53633782b1b15e9c3dca763807dac28cdbd5ed90c0
Size: 11.51 MB
Asianux Server 4 for x86
- krb5-devel-1.10.3-37.AXS4.i686.rpm
MD5: c9786decc8fbbe0e23fe0a95b2b37b74
SHA-256: 06fa25825cbf202d714d7309766b891b27ac10ae91c63bbe00a06dd556cb3c23
Size: 497.45 kB - krb5-libs-1.10.3-37.AXS4.i686.rpm
MD5: ae009a38d76553280f4cb043b54ec370
SHA-256: eae0efe8c018d18342af69fbd02675c6087ad1569a32113db5023133c6076124
Size: 772.68 kB - krb5-pkinit-openssl-1.10.3-37.AXS4.i686.rpm
MD5: e18da0fc8d79ec8ea77ecfebb841beba
SHA-256: 5cd1b13bc559f5b0e3a2e47d2106fb1199959e0ae56ff9ec2da5e00b4e9bc8bf
Size: 121.80 kB - krb5-server-1.10.3-37.AXS4.i686.rpm
MD5: 62298d8e487d496e853115cc9567dee5
SHA-256: 889cce8f8e569cc90c42e958009b10b376d31d42a7f0dae74e2e52e2ce98419c
Size: 1.98 MB - krb5-server-ldap-1.10.3-37.AXS4.i686.rpm
MD5: 87be86debf7b7b5cfb7b61be20647ba4
SHA-256: a0a5979afa749b93f204766456fcb75ba7bd987ddef4281b3d522974bf6544ac
Size: 155.71 kB - krb5-workstation-1.10.3-37.AXS4.i686.rpm
MD5: 19bc4580a5f6c00f6a2ff04105284367
SHA-256: be9883a9b942f0c986d7536a3f768f223e9b1328eeb1335b84c853bfab4bf7a6
Size: 805.96 kB
Asianux Server 4 for x86_64
- krb5-devel-1.10.3-37.AXS4.x86_64.rpm
MD5: cb474b6cb42f216cc5ec053e71978813
SHA-256: f8cdc038472ac2edafbc7757637c9e7614ac38df2e950371fba6600e6b5378e8
Size: 498.21 kB - krb5-libs-1.10.3-37.AXS4.x86_64.rpm
MD5: b6a125c3a4c9ba0e8a541e0d8426e5cb
SHA-256: 804c0a40d2cc65610270f78346f3f87899bb55871de35ae4a89d390b0f0510af
Size: 764.68 kB - krb5-pkinit-openssl-1.10.3-37.AXS4.x86_64.rpm
MD5: e825ec9150d84a1953253f0aa63899e5
SHA-256: c477f061b5524c64aea2f6a47bc949677c90b73173ea9765005fae5e9a53969f
Size: 121.71 kB - krb5-server-1.10.3-37.AXS4.x86_64.rpm
MD5: 2ebf84bd976c80e243a88d5b39e4187f
SHA-256: 7a18da3e36dfa5140ba317eb9ce735a8497d88a1a61a7360b40a39f1eb41e744
Size: 1.99 MB - krb5-server-ldap-1.10.3-37.AXS4.x86_64.rpm
MD5: 9627086a65fe5969cc942946911aed34
SHA-256: 5381dc336417e3bbe9726c6c21412efc5780e004627a00daa3c0dd281083fe93
Size: 155.68 kB - krb5-workstation-1.10.3-37.AXS4.x86_64.rpm
MD5: d3c78f986ab4c548b56e0813eb3723ae
SHA-256: 84fdd78ccb92454984d5cc421eca30d27dee664a5027af9176f5b0f691a38a8e
Size: 808.49 kB - krb5-devel-1.10.3-37.AXS4.i686.rpm
MD5: c9786decc8fbbe0e23fe0a95b2b37b74
SHA-256: 06fa25825cbf202d714d7309766b891b27ac10ae91c63bbe00a06dd556cb3c23
Size: 497.45 kB - krb5-libs-1.10.3-37.AXS4.i686.rpm
MD5: ae009a38d76553280f4cb043b54ec370
SHA-256: eae0efe8c018d18342af69fbd02675c6087ad1569a32113db5023133c6076124
Size: 772.68 kB - krb5-server-ldap-1.10.3-37.AXS4.i686.rpm
MD5: 87be86debf7b7b5cfb7b61be20647ba4
SHA-256: a0a5979afa749b93f204766456fcb75ba7bd987ddef4281b3d522974bf6544ac
Size: 155.71 kB
日本語