
Title : Mandriva Security Update Fixes MIT Kerberos Multiple Command Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-1251
CVE ID : CVE-2007-0956 - CVE-2007-0957 - CVE-2007-1216
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-05


Technical Description

Mandriva has released security updates to address multiple vulnerabilities identified in krb5. These issues could be exploited by attackers to bypass security restrictions and execute arbitrary commands. For additional information, see: VUPEN/ADV-2007-1218

Affected Products

Mandriva Linux 2006.0
Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Mandriva Multi Network Firewall 2.0

Solution

Upgrade the affected packages:

Mandriva Linux 2006.0:
f76875e9839deaf87628a3c7e0a81632 2006.0/i586/ftp-client-krb5-1.4.2-2.2.20060mdk.i586.rpm
d2448392e0c350d3ca488d2e73e57f6d 2006.0/i586/ftp-server-krb5-1.4.2-2.2.20060mdk.i586.rpm
42e6330603ecaed04ea0649f7050a4c1 2006.0/i586/krb5-server-1.4.2-2.2.20060mdk.i586.rpm
adadd1cad1f1bc5f01809a508d2b8fd1 2006.0/i586/krb5-workstation-1.4.2-2.2.20060mdk.i586.rpm
ab8987522600f8e629901563e3be90c2 2006.0/i586/libkrb53-1.4.2-2.2.20060mdk.i586.rpm
7d70bb7bb821c3e91e9d062330528815 2006.0/i586/libkrb53-devel-1.4.2-2.2.20060mdk.i586.rpm
f4104abdc22e16574bcddde0a178d935 2006.0/i586/telnet-client-krb5-1.4.2-2.2.20060mdk.i586.rpm
110f54ead0abc486faa1f2b47057122b 2006.0/i586/telnet-server-krb5-1.4.2-2.2.20060mdk.i586.rpm
8cc03b4b7cc34cb3c2b53e4f9f9b73dd 2006.0/SRPMS/krb5-1.4.2-2.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
0f2d7c3fc50552aa586dd6c5b12a5b85 2006.0/x86_64/ftp-client-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
bbd94e005c67b4b94cf544b736028416 2006.0/x86_64/ftp-server-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
f406f21d7b210ae6d489c77c15d34a60 2006.0/x86_64/krb5-server-1.4.2-2.2.20060mdk.x86_64.rpm
9d00284ec202ed44e63266698a1d85e6 2006.0/x86_64/krb5-workstation-1.4.2-2.2.20060mdk.x86_64.rpm
8ca28a4cc9eb7f292a1d73b975740fab 2006.0/x86_64/lib64krb53-1.4.2-2.2.20060mdk.x86_64.rpm
565b9a19c5cf7b94dcf28e1bc1e21d2e 2006.0/x86_64/lib64krb53-devel-1.4.2-2.2.20060mdk.x86_64.rpm
5c931d032ce9d3ed91a4e4b04f20bfb8 2006.0/x86_64/telnet-client-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
27b39ae245a43322d4abbb4191da56ac 2006.0/x86_64/telnet-server-krb5-1.4.2-2.2.20060mdk.x86_64.rpm
8cc03b4b7cc34cb3c2b53e4f9f9b73dd 2006.0/SRPMS/krb5-1.4.2-2.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
6dfbc8eef1479cce19c957bbed4457aa 2007.0/i586/ftp-client-krb5-1.4.3-6.1mdv2007.0.i586.rpm
54ff3fe8a117603f8700e96f34a1b33a 2007.0/i586/ftp-server-krb5-1.4.3-6.1mdv2007.0.i586.rpm
2caf0205301d01a6be4ad1506944ba39 2007.0/i586/krb5-server-1.4.3-6.1mdv2007.0.i586.rpm
b7b4a4f4b1fa356ca6468ffece1dfce8 2007.0/i586/krb5-workstation-1.4.3-6.1mdv2007.0.i586.rpm
ab253c6ad6ecd7c15c1d150f5ed34091 2007.0/i586/libkrb53-1.4.3-6.1mdv2007.0.i586.rpm
f192ef28bb37286be1e291761d3ced9c 2007.0/i586/libkrb53-devel-1.4.3-6.1mdv2007.0.i586.rpm
d208fcaa1c5069c657815061ed3b2687 2007.0/i586/telnet-client-krb5-1.4.3-6.1mdv2007.0.i586.rpm
0f95ea728eca0962591d142c74238700 2007.0/i586/telnet-server-krb5-1.4.3-6.1mdv2007.0.i586.rpm
87c94334c61bc67e3ef95e930ee72149 2007.0/SRPMS/krb5-1.4.3-6.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
02a5ebc046e0cb9133162ce621fb3b1f 2007.0/x86_64/ftp-client-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
0a2b6ae87af0ed4ec445b65531d3408a 2007.0/x86_64/ftp-server-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
e2958d861bb45c52be5cad5bbf08ef35 2007.0/x86_64/krb5-server-1.4.3-6.1mdv2007.0.x86_64.rpm
fac1f28b2c5a2065ffa772e2e1cb6d70 2007.0/x86_64/krb5-workstation-1.4.3-6.1mdv2007.0.x86_64.rpm
36bcd1fb2e859c637256680ca4fc468b 2007.0/x86_64/lib64krb53-1.4.3-6.1mdv2007.0.x86_64.rpm
7d936ed2b1441714205e987bd63a2ec5 2007.0/x86_64/lib64krb53-devel-1.4.3-6.1mdv2007.0.x86_64.rpm
4754b9b3ce36cad7d3dfa852a03d7fe0 2007.0/x86_64/telnet-client-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
71832a8dcf70b4e46b0bb9bc3343860d 2007.0/x86_64/telnet-server-krb5-1.4.3-6.1mdv2007.0.x86_64.rpm
87c94334c61bc67e3ef95e930ee72149 2007.0/SRPMS/krb5-1.4.3-6.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
5eae0ebe3be9e580c1c19ee041c9d72f 2007.1/i586/ftp-client-krb5-1.5.2-6.1mdv2007.1.i586.rpm
83dd6a9c403f9ea3bc32a40a64c98fbf 2007.1/i586/ftp-server-krb5-1.5.2-6.1mdv2007.1.i586.rpm
7fc832a70c77923aeec52cd309ee9c6f 2007.1/i586/krb5-server-1.5.2-6.1mdv2007.1.i586.rpm
e54a01775aa24a1d9a08090b62b59a6c 2007.1/i586/krb5-workstation-1.5.2-6.1mdv2007.1.i586.rpm
cfeabf699713ff757eb646ab681a6acc 2007.1/i586/libkrb53-1.5.2-6.1mdv2007.1.i586.rpm
c3bf54b449ec81b27a7ca5a41dff9a7a 2007.1/i586/libkrb53-devel-1.5.2-6.1mdv2007.1.i586.rpm
801cd83b96ebcd8f3ca425543f1f63a5 2007.1/i586/telnet-client-krb5-1.5.2-6.1mdv2007.1.i586.rpm
0568ed507d58f76302071b197d9523cc 2007.1/i586/telnet-server-krb5-1.5.2-6.1mdv2007.1.i586.rpm
5e774ba6ce43122995ac39c43164d092 2007.1/SRPMS/krb5-1.5.2-6.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
392287e6ad669fd9321a9de1c85796d8 2007.1/x86_64/ftp-client-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
68349333c7611dee78c814ea4fc2d9f2 2007.1/x86_64/ftp-server-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
a651024d2b42bc67033287e6795db6b5 2007.1/x86_64/krb5-server-1.5.2-6.1mdv2007.1.x86_64.rpm
28cd0236420330bb839b8e39ef2949c2 2007.1/x86_64/krb5-workstation-1.5.2-6.1mdv2007.1.x86_64.rpm
690eb27a9d90ab5319f70ea8f7326be4 2007.1/x86_64/lib64krb53-1.5.2-6.1mdv2007.1.x86_64.rpm
058d267b757c9ba63200e26f258100c3 2007.1/x86_64/lib64krb53-devel-1.5.2-6.1mdv2007.1.x86_64.rpm
d1bed5a3c84f0cc3e96d4760faa33477 2007.1/x86_64/telnet-client-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
ee1b6269c10f066d8fbd6ee2d0c2c818 2007.1/x86_64/telnet-server-krb5-1.5.2-6.1mdv2007.1.x86_64.rpm
5e774ba6ce43122995ac39c43164d092 2007.1/SRPMS/krb5-1.5.2-6.1mdv2007.1.src.rpm

Corporate 3.0:
02c99157c7a70bcf69309e4ef15dd886 corporate/3.0/i586/ftp-client-krb5-1.3-6.8.C30mdk.i586.rpm
3f58daeaaed40d88f74507049966df22 corporate/3.0/i586/ftp-server-krb5-1.3-6.8.C30mdk.i586.rpm
3703251ed231c0df3bc0d2477ef77f6a corporate/3.0/i586/krb5-server-1.3-6.8.C30mdk.i586.rpm
ff9ca353c32ed0c0a655ef9a4179c751 corporate/3.0/i586/krb5-workstation-1.3-6.8.C30mdk.i586.rpm
de0c33d4bc2fc6b61d365f91e366bd67 corporate/3.0/i586/libkrb51-1.3-6.8.C30mdk.i586.rpm
5fac8b79343bef871b450524682b5c68 corporate/3.0/i586/libkrb51-devel-1.3-6.8.C30mdk.i586.rpm
4a0216e5afa5ec83523e5cfdcd6fda24 corporate/3.0/i586/telnet-client-krb5-1.3-6.8.C30mdk.i586.rpm
ae5eed1f6591a785f4093924d98d640f corporate/3.0/i586/telnet-server-krb5-1.3-6.8.C30mdk.i586.rpm
b76e0f3069504ba96ed29c13f8f8d9b6 corporate/3.0/SRPMS/krb5-1.3-6.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
effb08ab8684a97a591c8112d146e827 corporate/3.0/x86_64/ftp-client-krb5-1.3-6.8.C30mdk.x86_64.rpm
110e5a4422f57c7c7db46967f265ed20 corporate/3.0/x86_64/ftp-server-krb5-1.3-6.8.C30mdk.x86_64.rpm
a178af307e6c416bb77b9dc45ff49ac6 corporate/3.0/x86_64/krb5-server-1.3-6.8.C30mdk.x86_64.rpm
b84aab804554143cf1a9ce511a42a81a corporate/3.0/x86_64/krb5-workstation-1.3-6.8.C30mdk.x86_64.rpm
a122ef49d58a704d321297eea594b3f6 corporate/3.0/x86_64/lib64krb51-1.3-6.8.C30mdk.x86_64.rpm
b68729b8c2d401fec19beb5ad68006e7 corporate/3.0/x86_64/lib64krb51-devel-1.3-6.8.C30mdk.x86_64.rpm
63482694130642c1e156054e9a944d3a corporate/3.0/x86_64/telnet-client-krb5-1.3-6.8.C30mdk.x86_64.rpm
52c1eada2b3104f8387f2b5eee0c5e92 corporate/3.0/x86_64/telnet-server-krb5-1.3-6.8.C30mdk.x86_64.rpm
b76e0f3069504ba96ed29c13f8f8d9b6 corporate/3.0/SRPMS/krb5-1.3-6.8.C30mdk.src.rpm

Corporate 4.0:
0b6d63d25604e886c74688f5189e3d99 corporate/4.0/i586/ftp-client-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
8f0ddc6328ca242f74d1238d7c42a097 corporate/4.0/i586/ftp-server-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
50f2d47b6c02cff492bb0a39073f9ad4 corporate/4.0/i586/krb5-server-1.4.3-5.2.20060mlcs4.i586.rpm
dc869f11fab9a71c5970fa7b574276bf corporate/4.0/i586/krb5-workstation-1.4.3-5.2.20060mlcs4.i586.rpm
2961482510210a3ceec020566b4fd370 corporate/4.0/i586/libkrb53-1.4.3-5.2.20060mlcs4.i586.rpm
49954e190e4e672b5437d36a4d9befaa corporate/4.0/i586/libkrb53-devel-1.4.3-5.2.20060mlcs4.i586.rpm
204894da33e23e65f71b73dc538262da corporate/4.0/i586/telnet-client-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
ae51fdd37d52903ecc548fa7b66f0129 corporate/4.0/i586/telnet-server-krb5-1.4.3-5.2.20060mlcs4.i586.rpm
e646f77683f9ebc6591be949bc8208bc corporate/4.0/SRPMS/krb5-1.4.3-5.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
d4b0719081f93a1806868f24f8100b0c corporate/4.0/x86_64/ftp-client-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
ee3b47806dd47f634b97b0dba99f80f2 corporate/4.0/x86_64/ftp-server-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
64d9d4d773b6aed752db77ec282d7c3e corporate/4.0/x86_64/krb5-server-1.4.3-5.2.20060mlcs4.x86_64.rpm
62426e65d7b5662f27c185a92f353c98 corporate/4.0/x86_64/krb5-workstation-1.4.3-5.2.20060mlcs4.x86_64.rpm
65f8e462a0333caec9512aabe944d9ab corporate/4.0/x86_64/lib64krb53-1.4.3-5.2.20060mlcs4.x86_64.rpm
811fbfdcfa723937dbfc2af3670baa70 corporate/4.0/x86_64/lib64krb53-devel-1.4.3-5.2.20060mlcs4.x86_64.rpm
6b2c5735bcc66849bbae68cfae669535 corporate/4.0/x86_64/telnet-client-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
e4fb528ecf1d98fdae0d76c873d6b88f corporate/4.0/x86_64/telnet-server-krb5-1.4.3-5.2.20060mlcs4.x86_64.rpm
e646f77683f9ebc6591be949bc8208bc corporate/4.0/SRPMS/krb5-1.4.3-5.2.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
eec7136889615016b562fcf56cd38202 mnf/2.0/i586/libkrb51-1.3-6.8.M20mdk.i586.rpm
b64b6185d2a648f74b2f024acf4bab01 mnf/2.0/SRPMS/krb5-1.3-6.8.M20mdk.src.rpm

References

http://www.vupen.com/english/advisories/2007/1251
http://archives.mandrivalinux.com/security-announce/2007-04/msg00005.php
http://archives.mandrivalinux.com/security-announce/2007-04/msg00010.php

ChangeLog

2007-04-05 : Initial release
2007-04-10 : Updated Solution

Copyright 2003-2009 © VUPEN.COM