Debian セキュリティ勧告

DSA-143-1 krb5 -- 整数オーバフロー

報告日時:

2002-08-05

影響を受けるパッケージ:

krb5

危険性:

あり

参考セキュリティデータベース:

(SecurityFocus の) Bugtraq データベース: BugTraq ID 5356.
Mitre の CVE 辞書: CVE-2002-0391.
CERT の脆弱性リスト、勧告および付加情報: VU#192995.

詳細:

整数オーバフローによるバグが、SunRPC 由来の Kerberos 5 認証システムで用いている RPC ライブラリで発見されました。このバグにより、KDC ホストを攻撃して不正に root 権限を取得することができます。現在、攻撃者はこの攻撃に成功するためには、kadmin デーモンにて認証を得る必要があると考えられていますが、現在のところ攻撃手法は知られていません。

この問題は、現安定版 (stable) のバージョン 1.2.4-5woody1、及び不安定版 (unstable) ではバージョン 1.2.5-2 で修正されています。旧安定版 (stable) の potato には krb5 パッケージは収録されていないため、この脆弱性を持ちません。

すぐに kerberos パッケージをアップグレードすることを勧めます。

修正:

Debian GNU/Linux 3.0 (woody)

ソース:: http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody1.dsc; http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody1.diff.gz; http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
アーキテクチャ非依存コンポーネント:: http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_alpha.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_arm.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_i386.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_ia64.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_ia64.deb
HP Precision:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_hppa.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_m68k.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_mips.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_mipsel.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_powerpc.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_s390.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_sparc.deb; http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_sparc.deb

一覧にあるファイルの MD5 チェックサムは勧告の原文にあります。