VUPEN Security - Fedora Security Update Fixes krb5 Remote Command Execution Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes krb5 Remote Command Execution Vulnerabilities

Title : Fedora Security Update Fixes krb5 Remote Command Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-3066
CVE ID : CVE-2007-3999 - CVE-2007-4000
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-06

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code. These issues are caused by errors in krb5. For additional information, see : VUPEN/ADV-2007-3051

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

31792d33dfb5074183726a017c42ad1f66206201 SRPMS/krb5-1.5-23.fc6.src.rpm
31792d33dfb5074183726a017c42ad1f66206201 noarch/krb5-1.5-23.fc6.src.rpm
e5fbc20aea94e21af48d6d46458c92854d508572 ppc/krb5-server-1.5-23.fc6.ppc.rpm
e733f71856b88af79c0b7a1eca0935ed03df1c91 ppc/krb5-workstation-1.5-23.fc6.ppc.rpm
a0b45edc229ff6d81786bace0a6fb80d3c6863c2 ppc/krb5-libs-1.5-23.fc6.ppc.rpm
9c944c93c8d756526366f03bb006b2fc2cd48165 ppc/krb5-devel-1.5-23.fc6.ppc.rpm
e8bab315888665d59369b17f770d23219bfa66c3 ppc/debug/krb5-debuginfo-1.5-23.fc6.ppc.rpm
15d406196836e10b9a301f2b22d94c68f350ee49 x86_64/debug/krb5-debuginfo-1.5-23.fc6.x86_64.rpm
ba18e35c23ea1852a7c22229981cef13fe70009c x86_64/krb5-workstation-1.5-23.fc6.x86_64.rpm
b73254b8763984dd1028765922f3b3110892dfbc x86_64/krb5-server-1.5-23.fc6.x86_64.rpm
eff8153739036c06fddd4bb52cdd4ae3f08d318e x86_64/krb5-libs-1.5-23.fc6.x86_64.rpm
6c21ffe77feb1d30fb69e84465bfbb55d94a2be1 x86_64/krb5-devel-1.5-23.fc6.x86_64.rpm
8bd1055bf64be99828c71ebce200066cafb1a76b i386/debug/krb5-debuginfo-1.5-23.fc6.i386.rpm
4c18272684dce24a4ff144a66e4f1b1f0cabd1ce i386/krb5-devel-1.5-23.fc6.i386.rpm
bb6d99b77ab5cff6583f8724e66a20fbc59a7dc3 i386/krb5-libs-1.5-23.fc6.i386.rpm
9f9f10583ed2b18e7bc2c551d0643bd00591bd66 i386/krb5-server-1.5-23.fc6.i386.rpm
54feec274ab8804c618ddf200ef6d33c97e7624e i386/krb5-workstation-1.5-23.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2007/3066
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00100.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00140.html

ChangeLog

2007-09-06 : Initial release
2007-09-11 : Updated Solution

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-11

XnView DICOM Image Parsing Integer Overflow Vulnerability

>> 2010-03-11

Debian Security Update Fixes dpkg Directory Traversal Vulnerability

>> 2010-03-11

Debian Security Update Fixes KVM Privilege Escalation Issues

>> 2010-03-11

Mandriva Security Update Fixes Squid Denial of Service Vulnerability

>> 2010-03-11

Mandriva Security Update Fixes VirtualBox Denial of Service Vulnerability

More Informations