Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
krb5
(Unknown)
Описание
Уязвимость "двойное освобождение" в функции gss_krb5int_make_seal_token_v3 в lib/gssapi/krb5/k5sealv3.c в MIT Kerberos позволяет воздействовать на систему.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
Ссылки
BID (26750): http://www.securityfocus.com/bid/26750
FEDORA (FEDORA-2008-2647): https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
FEDORA (FEDORA-2008-2637): https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
CONFIRM (https://issues.rpath.com/browse/RPL-2012): https://issues.rpath.com/browse/RPL-2012
BUGTRAQ (20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation): http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
REDHAT (RHSA-2008:0180): http://www.redhat.com/support/errata/RHSA-2008-0180.html
REDHAT (RHSA-2008:0164): http://www.redhat.com/support/errata/RHSA-2008-0164.html
SUSE (SUSE-SR:2008:002): http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
MANDRIVA (MDVSA-2008:070): http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
MANDRIVA (MDVSA-2008:069): http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
VUPEN (ADV-2008-0924): http://www.frsirt.com/english/advisories/2008/0924/references
CONFIRM (http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112): http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
CONFIRM (http://wiki.rpath.com/Advisories:rPSA-2008-0112): http://wiki.rpath.com/Advisories:rPSA-2008-0112
GENTOO (GLSA-200803-31): http://security.gentoo.org/glsa/glsa-200803-31.xml
FULLDISC (20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]): http://seclists.org/fulldisclosure/2007/Dec/0321.html
FULLDISC (20071208 MIT Kerberos 5: Multiple vulnerabilities): http://seclists.org/fulldisclosure/2007/Dec/0176.html
OSVDB (43345): http://osvdb.org/43345
APPLE (APPLE-SA-2008-03-18): http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
CONFIRM (http://docs.info.apple.com/article.html?artnum=307562): http://docs.info.apple.com/article.html?artnum=307562
MISC (http://bugs.gentoo.org/show_bug.cgi?id=199212): http://bugs.gentoo.org/show_bug.cgi?id=199212
FEDORA (FEDORA-2008-2647): https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
FEDORA (FEDORA-2008-2637): https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
CONFIRM (https://issues.rpath.com/browse/RPL-2012): https://issues.rpath.com/browse/RPL-2012
BUGTRAQ (20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation): http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
REDHAT (RHSA-2008:0180): http://www.redhat.com/support/errata/RHSA-2008-0180.html
REDHAT (RHSA-2008:0164): http://www.redhat.com/support/errata/RHSA-2008-0164.html
SUSE (SUSE-SR:2008:002): http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
MANDRIVA (MDVSA-2008:070): http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
MANDRIVA (MDVSA-2008:069): http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
VUPEN (ADV-2008-0924): http://www.frsirt.com/english/advisories/2008/0924/references
CONFIRM (http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112): http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
CONFIRM (http://wiki.rpath.com/Advisories:rPSA-2008-0112): http://wiki.rpath.com/Advisories:rPSA-2008-0112
GENTOO (GLSA-200803-31): http://security.gentoo.org/glsa/glsa-200803-31.xml
FULLDISC (20071208 Venustech reports of MIT krb5 vulns [CVE-2007-5894 CVE-2007-5901 CVE-2007-5902 CVE-2007-5971 CVE-2007-5972]): http://seclists.org/fulldisclosure/2007/Dec/0321.html
FULLDISC (20071208 MIT Kerberos 5: Multiple vulnerabilities): http://seclists.org/fulldisclosure/2007/Dec/0176.html
OSVDB (43345): http://osvdb.org/43345
APPLE (APPLE-SA-2008-03-18): http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
CONFIRM (http://docs.info.apple.com/article.html?artnum=307562): http://docs.info.apple.com/article.html?artnum=307562
MISC (http://bugs.gentoo.org/show_bug.cgi?id=199212): http://bugs.gentoo.org/show_bug.cgi?id=199212