Bug#454974: krb5: multiple vulnerabilities

Sat, 08 Dec 2007 06:30:14 -0800 

Package: krb5
Version: 1.1.7-1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for krb5.

CVE-2007-5971[0]:
| Double-free vulnerability in the gss_krb5int_make_seal_token_v3
| function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has
| unknown impact and attack vectors.

CVE-2007-5902[1]:
| Integer overflow in the svcauth_gss_get_principal function in
| lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to 
have
| an unknown impact via a large length value for a GSS client name in an RPC
| request.

CVE-2007-5901[2]:
| Use-after-free vulnerability in the gss_indicate_mechs function in
| lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact
| and attack vectors. NOTE: this might be the result of a typo in the source
| code.

CVE-2007-5894[3]:
| The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does
| not initialize the length variable when auth_type has a certain value, which
| has unknown impact and remote authenticated attack vectors. NOTE: the original
| disclosure misidentifies the conditions under which the uninitialized variable
| is used.

CVE-2007-5972[4]:
| Double-free vulnerability in the krb5_def_store_mkey function in
| lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and
| remote authenticated attack vectors. NOTE: the free operations occur in code
| that stores the krb5kdc master key, and thus the attacker must have privileges
| to store this key.

CVE-2007-5972 seems to be rather unimportant.

I did not check these vulnerabilities for stable or oldstable.

If you fix these vulnerabilities please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpywMdh5Y0pp.pgp
Description: PGP signature

Reply via email to