RHSA-2004:350 - Security Advisory

Topic

Updated krb5 packages that improve client responsiveness and fix several
security issues are now available for Red Hat Enterprise Linux 3.

Description

Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.

Several double-free bugs were found in the Kerberos 5 KDC and libraries. A
remote attacker could potentially exploit these flaws to execuate arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.

A double-free bug was also found in the krb524 server (CAN-2004-0772),
however this issue does not affect Red Hat Enterprise Linux 3 Kerberos
packages.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A
remote attacker may be able to trigger this flaw and cause a denial of
service. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0644 to this issue.

When attempting to contact a KDC, the Kerberos libraries will iterate
through the list of configured servers, attempting to contact each in turn.
If one of the servers becomes unresponsive, the client will time out and
contact the next configured server. When the library attempts to contact
the next KDC, the entire process is repeated. For applications which must
contact a KDC several times, the accumulated time spent waiting can become
significant.

This update modifies the libraries, notes which server for a given realm
last responded to a request, and attempts to contact that server first
before contacting any of the other configured servers.

All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Affected Products

• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

CVEs

• CVE-2004-0642
• CVE-2004-0643
• CVE-2004-0644

References

• http://web.mit.edu/kerberos/advisories/