French Security Incident Response Team


Fedora Security Update Fixes krb5 Remote Command Execution Vulnerabilities


Title : Fedora Security Update Fixes krb5 Remote Command Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3057
CVE ID : CVE-2007-3999 - CVE-2007-4000 - CVE-2007-4743
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-05

Advisory Details

 
Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

062bc017c8fb0037cf8647ba236036ca2b99e537 krb5-workstation-1.6.1-4.fc7.ppc64.rpm
c78319f1acfb09915789b362e42033522d845a67 krb5-server-ldap-1.6.1-4.fc7.ppc64.rpm
99100267037e5b4166890737097c40e80aa10ca1 krb5-debuginfo-1.6.1-4.fc7.ppc64.rpm
2cdca2c60cf769d0769c93e5e57cb16369734f96 krb5-devel-1.6.1-4.fc7.ppc64.rpm
8e0df85199d6504c42a654e2e2a2ff654af1855b krb5-server-1.6.1-4.fc7.ppc64.rpm
dbc6636478fca9f3f5adb52c89628d1a695ad30e krb5-workstation-clients-1.6.1-4.fc7.ppc64.rpm
437830f38c0323c7a1b43a1757fd7eba7fc177a0 krb5-libs-1.6.1-4.fc7.ppc64.rpm
f6208052c97c4e1f44256b696546e90244e43236 krb5-workstation-servers-1.6.1-4.fc7.ppc64.rpm
d7805026a66bc6ffd47734f65bc060ea7920322c krb5-workstation-servers-1.6.1-4.fc7.i386.rpm
d16ffd27efb3cedf9ae4a6b5eb8c515b49043054 krb5-server-1.6.1-4.fc7.i386.rpm
4a5683495cb1f8c2df552ac79f08723f26c577c4 krb5-libs-1.6.1-4.fc7.i386.rpm
0ae7373dfda05cf3da04439c35e2eb1a9b635cbd krb5-workstation-1.6.1-4.fc7.i386.rpm
723bd4dc92af7e6d51288139c256eb40b54c9abf krb5-debuginfo-1.6.1-4.fc7.i386.rpm
773f532d5fb4178c3649bf1b299984b24886d427 krb5-workstation-clients-1.6.1-4.fc7.i386.rpm
567dabff5da88624a4acf106599bd8229090cfeb krb5-server-ldap-1.6.1-4.fc7.i386.rpm
9c26f85f7aa102713874d4d0e1b893ef8166cd8d krb5-devel-1.6.1-4.fc7.i386.rpm
f771eaeb4b4d7b70f459ce35431399899baef4cf krb5-server-ldap-1.6.1-4.fc7.x86_64.rpm
0bb652cf7f8d87ce0b7ca8d6b37b949e6725b17c krb5-debuginfo-1.6.1-4.fc7.x86_64.rpm
30b7ab856d9e417d647203c52c8e139354400a7e krb5-server-1.6.1-4.fc7.x86_64.rpm
7a6dc0193cefea4ed9bbaa1d6b62108b392c4cd9 krb5-libs-1.6.1-4.fc7.x86_64.rpm
f79349c65bb86f59cae5a417e2f4917e65da7cbe krb5-workstation-servers-1.6.1-4.fc7.x86_64.rpm
91b8e9dc61bfb5af45a81ca85d4a18755189a586 krb5-workstation-clients-1.6.1-4.fc7.x86_64.rpm
88ae1dae7fbfde68b163423701eeb6abf8048f4d krb5-workstation-1.6.1-4.fc7.x86_64.rpm
25d40a9b7f7ea05d36cc781c088613d496c49d29 krb5-devel-1.6.1-4.fc7.x86_64.rpm
2bf1be05fca98fc46245169c1746febef78eecf4 krb5-server-1.6.1-4.fc7.ppc.rpm
48d99309aaf66885a90cbdaaaeab716009316700 krb5-workstation-clients-1.6.1-4.fc7.ppc.rpm
71034ed9cf5f92158bfa61fe92a24cb59d87d01a krb5-libs-1.6.1-4.fc7.ppc.rpm
e3e4a2e2af257aeb014870dad1b2f6cbc4cc518e krb5-debuginfo-1.6.1-4.fc7.ppc.rpm
f39e08a32241927e082f11b27abb1e2b3e1e19a2 krb5-workstation-servers-1.6.1-4.fc7.ppc.rpm
dc9720291f1a0e0719df47b818e800347269c6de krb5-server-ldap-1.6.1-4.fc7.ppc.rpm
32ad5f5cb95e0cfd799693c116f3510b9317a5c4 krb5-devel-1.6.1-4.fc7.ppc.rpm
6209f46411cd63fb67e37475964ebe7a0b18da00 krb5-workstation-1.6.1-4.fc7.ppc.rpm
547f500edbc0da059d472ac233267c6ae2c45603 krb5-1.6.1-4.fc7.src.rpm

ChangeLog

2007-09-05 : Initial release
2007-09-11 : Updated Solution

Copyright 2003-2008 © FrSIRT.COM