FrSIRT - Fedora Security Update Fixes krb5 Remote Command Execution Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes krb5 Remote Command Execution Vulnerabilities

Title : Fedora Security Update Fixes krb5 Remote Command Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3066
CVE ID : CVE-2007-3999 - CVE-2007-4000
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-06

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

31792d33dfb5074183726a017c42ad1f66206201 SRPMS/krb5-1.5-23.fc6.src.rpm
31792d33dfb5074183726a017c42ad1f66206201 noarch/krb5-1.5-23.fc6.src.rpm
e5fbc20aea94e21af48d6d46458c92854d508572 ppc/krb5-server-1.5-23.fc6.ppc.rpm
e733f71856b88af79c0b7a1eca0935ed03df1c91 ppc/krb5-workstation-1.5-23.fc6.ppc.rpm
a0b45edc229ff6d81786bace0a6fb80d3c6863c2 ppc/krb5-libs-1.5-23.fc6.ppc.rpm
9c944c93c8d756526366f03bb006b2fc2cd48165 ppc/krb5-devel-1.5-23.fc6.ppc.rpm
e8bab315888665d59369b17f770d23219bfa66c3 ppc/debug/krb5-debuginfo-1.5-23.fc6.ppc.rpm
15d406196836e10b9a301f2b22d94c68f350ee49 x86_64/debug/krb5-debuginfo-1.5-23.fc6.x86_64.rpm
ba18e35c23ea1852a7c22229981cef13fe70009c x86_64/krb5-workstation-1.5-23.fc6.x86_64.rpm
b73254b8763984dd1028765922f3b3110892dfbc x86_64/krb5-server-1.5-23.fc6.x86_64.rpm
eff8153739036c06fddd4bb52cdd4ae3f08d318e x86_64/krb5-libs-1.5-23.fc6.x86_64.rpm
6c21ffe77feb1d30fb69e84465bfbb55d94a2be1 x86_64/krb5-devel-1.5-23.fc6.x86_64.rpm
8bd1055bf64be99828c71ebce200066cafb1a76b i386/debug/krb5-debuginfo-1.5-23.fc6.i386.rpm
4c18272684dce24a4ff144a66e4f1b1f0cabd1ce i386/krb5-devel-1.5-23.fc6.i386.rpm
bb6d99b77ab5cff6583f8724e66a20fbc59a7dc3 i386/krb5-libs-1.5-23.fc6.i386.rpm
9f9f10583ed2b18e7bc2c551d0643bd00591bd66 i386/krb5-server-1.5-23.fc6.i386.rpm
54feec274ab8804c618ddf200ef6d33c97e7624e i386/krb5-workstation-1.5-23.fc6.i386.rpm

ChangeLog

2007-09-06 : Initial release
2007-09-11 : Updated Solution

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Cisco Unity Security Bypass and Denial of Service
	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability

	Sun Java System Web Proxy Server FTP Heap Overflow
	Sun Solaris ACL UFS File Systems Denial of Service Vulnerability
	Sun Solaris Text Editors Tag Files Local Code Execution Vulnerability
	Sun Management Center Remote Denial of Service Vulnerability
	Sun Solaris Bzip2 Archive Handling Denial of Service Vulnerability
	Sun Solaris GNU Tar Headers Handling Buffer Overflow Vulnerability
	Sun Solaris Covert Channel Local Security Bypass Vulnerability

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities