MIT Kerberos 5 Multiple Double-Free Vulnerabilities

Vulnerability Details

Vulnerability Summary

A double-free vulnerability exists in the error-handling code of krb524d in MIT Kerberos 5 (krb5) 1.2.8 and earlier. A remote attacker can execute arbitrary code.

Vulnerability Advisories

The vendor has released an advisory (MITKRB5-SA-2004-002) along with patches to resolve these issues. Please see the referenced advisory for further information.
Debian GNU/Linux has released an advisory (DSA 543-1) along with fixes to address these and other issues. Please see the referenced advisory for further information.
RedHat Linux has released advisory RHSA-2004:350-12 along with fixes to address these and other issues in RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.
RedHat Linux has released advisories (FEDORA-2004-276, and FEDORA-2004-277) to address these and other issues for RedHat Fedora Core 1 and 2 respectively. Please see the referenced advisories for further information.
Cisco has released an advisory (cisco-sa-20040831-krb5) to address these and other issues for Cisco VPN 3000 series products. Please see the referenced advisory for further information on obtaining fixes.
Mandrake has released an advisory (MDKSA-2004:088) and fixes to address these issues. Please see the referenced advisory for further information on obtaining fixes.
Trustix has released an advisory (TSL-2004-0045) to address various issues in kerberos5. Please see the referenced advisory for more information.
A Gentoo advisory is available. Users are advised to upgrade by performing the following steps:
emerge sync
emerge -pv ">=app-crypt/mit-krb5-1.3.4"
emerge ">=app-crypt/mit-krb5-1.3.4"
Conectiva has made advisory CLSA-2004:860 along with fixes available resolving these and other issues. Please see the referenced advisory for more information.
Avaya has released advisory ASA-2004-039 dealing with these issues. Please see the referenced web advisory for more information.
OpenPKG has released advisory OpenPKG-SA-2004.039 to address these and other issues. Please see the referenced advisory for further information.
Turbolinux has released advisory TLSA-2004-22 to address these and other issues. Please see the referenced advisory for further information.
Sun has released Security Alert ID 57631 along with fixes for these issues. Please see the web reference for more information. On 24 Sept 2004, Sun withdrew patch 112908-15. On 28 Sept 2004, the patch became available again with an updated Security Alert.
IBM has released an advisory (2004-09-30-ASN.1) to address these issues in AIX. Please see the referenced advisory for more information about obtaining fixes.
IBM has released information about some of these issues affecting IBM Tivoli Access Manager for e-business version 5.1. Please see the IBM ‘MIT Kerberos 5 Vulnerabilities’ reference in Web references for more information about obtaining fixes.
Apple has released an advisory (APPLE-SA-2004-12-02) dealing with this and other issues. Please see the referenced advisory for more information.
Fedora Legacy has released security advisory FLSA:154276 addressing this issue for RedHat Linux 7.3 and 9, and for Fedora Core 1. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Sun SEAM 1.0.2

MIT Kerberos 5 1.2.4

References

Source: US-CERT Technical Alert: TA04-247A
Name: TA04-247A
Link: http://www.us-cert.gov/cas/techalerts/TA04-247A.html

Source: US-CERT Vulnerability Note: VU#350792
Name: VU#350792
Link: http://www.kb.cert.org/vuls/id/350792

Source: web.mit.edu
Link: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt

Source: XF
Name: kerberos-krb524d-double-free(17158)
Link: http://xforce.iss.net/xforce/xfdb/17158

Source: TRUSTIX
Name: 2004-0045
Link: http://www.trustix.net/errata/2004/0045/

Source: BID
Name: 11078
Link: http://www.securityfocus.com/bid/11078

Source: MANDRAKE
Name: MDKSA-2004:088
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:088

Source: GENTOO
Name: GLSA-200409-09
Link: http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml

Source: DEBIAN
Name: DSA-543
Link: http://www.debian.org/security/2004/dsa-543

Source: BUGTRAQ
Name: 20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109508872524753&w=2

Source: CONECTIVA
Name: CLA-2004:860
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860

Source: US Government Resource: oval:org.mitre.oval:def:4661
Name: oval:org.mitre.oval:def:4661
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4661
