Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
krb5
(Unknown)
Описание
Переполнение буфера в библиотеке RPC , используемой в libgssrpc и kadmind в MIT Kerberos позволяет злоумышленникам, действующим удаленно, выполнить произвольный код, используя большое количество дескрипторов открытых файлов.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://web.mit.edu/kerberos/www/
http://web.mit.edu/kerberos/www/
Ссылки
CERT-VN (VU#374121): http://www.kb.cert.org/vuls/id/374121
CERT (TA08-079B): http://www.us-cert.gov/cas/techalerts/TA08-079B.html
XF (krb5-rpclibrary-bo(41273)): http://xforce.iss.net/xforce/xfdb/41273
BUGTRAQ (20080318 MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject)): http://www.securityfocus.com/archive/1/archive/1/489784/100/0/threaded
BUGTRAQ (20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc): http://www.securityfocus.com/archive/1/archive/1/489762/100/0/threaded
CONFIRM (http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt): http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
FEDORA (FEDORA-2008-2647): https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
FEDORA (FEDORA-2008-2637): https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
UBUNTU (USN-587-1): http://www.ubuntu.com/usn/usn-587-1
SECTRACK (1019631): http://www.securitytracker.com/id?1019631
BID (28302): http://www.securityfocus.com/bid/28302
BUGTRAQ (20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation): http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
REDHAT (RHSA-2008:0164): http://www.redhat.com/support/errata/RHSA-2008-0164.html
MANDRIVA (MDVSA-2008:070): http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
MANDRIVA (MDVSA-2008:069): http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
VUPEN (ADV-2008-1102): http://www.frsirt.com/english/advisories/2008/1102/references
VUPEN (ADV-2008-0922): http://www.frsirt.com/english/advisories/2008/0922/references
DEBIAN (DSA-1524): http://www.debian.org/security/2008/dsa-1524
CONFIRM (http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112): http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
CONFIRM (http://wiki.rpath.com/Advisories:rPSA-2008-0112): http://wiki.rpath.com/Advisories:rPSA-2008-0112
CONFIRM (http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html): http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
CONFIRM (http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html): http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
SREASON (3752): http://securityreason.com/securityalert/3752
GENTOO (GLSA-200803-31): http://security.gentoo.org/glsa/glsa-200803-31.xml
SUSE (SUSE-SA:2008:016): http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
CERT (TA08-079B): http://www.us-cert.gov/cas/techalerts/TA08-079B.html
XF (krb5-rpclibrary-bo(41273)): http://xforce.iss.net/xforce/xfdb/41273
BUGTRAQ (20080318 MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (resend, corrected subject)): http://www.securityfocus.com/archive/1/archive/1/489784/100/0/threaded
BUGTRAQ (20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc): http://www.securityfocus.com/archive/1/archive/1/489762/100/0/threaded
CONFIRM (http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt): http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt
FEDORA (FEDORA-2008-2647): https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
FEDORA (FEDORA-2008-2637): https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
UBUNTU (USN-587-1): http://www.ubuntu.com/usn/usn-587-1
SECTRACK (1019631): http://www.securitytracker.com/id?1019631
BID (28302): http://www.securityfocus.com/bid/28302
BUGTRAQ (20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation): http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
REDHAT (RHSA-2008:0164): http://www.redhat.com/support/errata/RHSA-2008-0164.html
MANDRIVA (MDVSA-2008:070): http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
MANDRIVA (MDVSA-2008:069): http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
VUPEN (ADV-2008-1102): http://www.frsirt.com/english/advisories/2008/1102/references
VUPEN (ADV-2008-0922): http://www.frsirt.com/english/advisories/2008/0922/references
DEBIAN (DSA-1524): http://www.debian.org/security/2008/dsa-1524
CONFIRM (http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112): http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
CONFIRM (http://wiki.rpath.com/Advisories:rPSA-2008-0112): http://wiki.rpath.com/Advisories:rPSA-2008-0112
CONFIRM (http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html): http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
CONFIRM (http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html): http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
SREASON (3752): http://securityreason.com/securityalert/3752
GENTOO (GLSA-200803-31): http://security.gentoo.org/glsa/glsa-200803-31.xml
SUSE (SUSE-SA:2008:016): http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html