krb5-appl-1.0.1-2.AXS4.1
エラータID: AXSA:2011-703:01
リリース日:
2011/12/29 Thursday - 10:56
題名:
krb5-appl-1.0.1-2.AXS4.1
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
This package contains Kerberos-aware versions of the telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others.
Security issues fixed with this release:
CVE-2011-1526ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
解決策:
Update packages.
CVE:
CVE-2011-1526
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.
追加情報:
From Asianux Server 4 SP1.
ダウンロード:
SRPMS
- krb5-appl-1.0.1-2.AXS4.1.src.rpm
MD5: 5ec6bbb5a8acd2ccd1fa8a8ef731fd2a
SHA-256: 67ad03d9eb3d2835a14fd33d4dcd66620a0b30063828cfc3255ebf2225a550a7
Size: 719.95 kB
Asianux Server 4 for x86
- krb5-appl-clients-1.0.1-2.AXS4.1.i686.rpm
MD5: c1822e2c1611758df3fc3099356f4e50
SHA-256: 05766c0fc1401f6a7a4a9dc747d6ae8378924e042d48296d6e4f92d4d121cc1f
Size: 222.43 kB - krb5-appl-servers-1.0.1-2.AXS4.1.i686.rpm
MD5: fb4e13108f647c484e6b402bc0dd8049
SHA-256: b5d8bba51322c3f14c0e5d4d68e918b3ed9b09ac47a8229185dcb5122c5d55b3
Size: 198.80 kB
Asianux Server 4 for x86_64
- krb5-appl-clients-1.0.1-2.AXS4.1.x86_64.rpm
MD5: 3c972fa4a25066cb5f42a4b9177a9ad5
SHA-256: 61af7d9b3ec782e4c175fa10c1f2c65cbd35a9af5774aa68c4e746d9f048cbd9
Size: 227.03 kB - krb5-appl-servers-1.0.1-2.AXS4.1.x86_64.rpm
MD5: 6579ab0f3089022a4f37f5cdaa8ea6dc
SHA-256: 223e573b74a41e9044c5a171953be762818493035417fa29b08af43817ad3316
Size: 201.06 kB