Denial of service and buffer overflow vulnerabilities present.

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated Kerberos 5 packages are now available for Red Hat Linux.
Advisory ID:       RHSA-2000:025-05
Issue date:        2000-05-16
Updated on:        2000-05-17
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Security vulnerabilities have been found in the Kerberos 5 implementation shipped with Red Hat Linux 6.2.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

A number of possible buffer overruns were found in libraries included in the affected packages. A denial-of-service vulnerability was also found in the ksu program.

* A remote user may gain unauthorized root access to a machine running services authenticated with Kerberos 4.
* A remote user may gain unauthorized root access to a machine running krshd, regardless of whether the program is configured to accept Kerberos 4 authentication.
* A local user may gain unauthorized root access by exploiting v4rcp or ksu.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

10653 - 'stat' unresolved on "libkrb5.so.2.2" load

6. RPMs required:

Red Hat Linux 6.2:

intel:

alpha:

sparc:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
3fd11d622ba3cc897673a6ab6aef4541  6.2/alpha/krb5-configs-1.1.1-15.alpha.rpm
8a8096d690384617fcdcf6e0a8aba8ff  6.2/alpha/krb5-devel-1.1.1-15.alpha.rpm
5cbe85b8045f1980e50f2029d12316f4  6.2/alpha/krb5-libs-1.1.1-15.alpha.rpm
7686c92345d450203536bc025fd0b571  6.2/alpha/krb5-server-1.1.1-15.alpha.rpm
39acce6c4f96d96a3a0fb17297c20ed8  6.2/alpha/krb5-workstation-1.1.1-15.alpha.rpm
ab4dac8b93f48de033d9b8c35200c756  6.2/i386/krb5-configs-1.1.1-15.i386.rpm
c44572eebb30735cbfb0543ae00c1428  6.2/i386/krb5-devel-1.1.1-15.i386.rpm
f87a05040e7d170f10c2a18eb7a82e95  6.2/i386/krb5-libs-1.1.1-15.i386.rpm
b08b7910f325d25aa2ff18db635609bc  6.2/i386/krb5-server-1.1.1-15.i386.rpm
644b7de0d1a50894ea9e03d7e00ed828  6.2/i386/krb5-workstation-1.1.1-15.i386.rpm
28ceddb2f09d1f122f757d5229dc0dd7  6.2/sparc/krb5-configs-1.1.1-15.sparc.rpm
cc6a1fea9cd63afb2c19f20fcf43b503  6.2/sparc/krb5-devel-1.1.1-15.sparc.rpm
c3fbb341a6768a2fa9403e4ae2cce9a1  6.2/sparc/krb5-libs-1.1.1-15.sparc.rpm
2846852ed38dbd190d6bad3226fa8e53  6.2/sparc/krb5-server-1.1.1-15.sparc.rpm
3abbadd05e525df39805f5b4789e25e9  6.2/sparc/krb5-workstation-1.1.1-15.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg

8. References:

N/A

Severity: Critical. LinuxSecurity.com Team
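Added example, not part of the Red Hat advisory: a shell function that checks downloaded RPMs for one architecture against a table in the "MD5 sum / Package Name" layout of section 7 before they are installed with rpm -Fvh. The function name check_advisory_md5, saving the table to a file, and the use of coreutils md5sum are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the advisory).
# usage: check_advisory_md5 <table-file> <arch> <download-dir>
# Table rows look like: "<32 hex digits>  6.2/i386/krb5-libs-1.1.1-15.i386.rpm"
# Returns 0 only if at least one row matched <arch> and every such file
# exists in <download-dir> with the listed MD5 sum.
check_advisory_md5() {
    manifest=$1 arch=$2 dir=$3
    bad=0 seen=0
    while read -r want path; do
        # Skip blank lines, the header and the dashed rule: a data row
        # starts with exactly 32 lowercase hex digits.
        case $want in
            ''|*[!0-9a-f]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        # Keep only rows under the requested architecture directory.
        case $path in
            */"$arch"/*) ;;
            *) continue ;;
        esac
        seen=$((seen + 1))
        name=${path##*/}
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING  $name"
            bad=$((bad + 1))
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    # No matching rows means nothing was verified, so report failure.
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

A zero exit status covers only the digest comparison; the GPG signature is still checked with rpm --checksig as the advisory describes.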