CVE-2006-3083
CVSS7.2
发布时间 :2006-08-09 06:04:00
修订时间 :2011-07-18 00:00:00
NMCOP    

[原文]The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.


[CNNVD]MIT Kerberos 5多个本地权限提升漏洞(CNNVD-200608-159)

        Kerberos是一款广泛使用的使用强壮的加密来验证客户端和服务器端的网络协议。MIT Kerberos 5是一种常用的开源Kerberos实现。
        MIT Kerberos 5软件包中的某些工具实现上存在漏洞,本地攻击者可能利用此漏洞提升自己在系统中的权限,一般情况下可以获取管理员权限。
        MIT Kerberos 5中的某些程序没有正确检查setuid()和seteuid()这两个涉及到权限更改的调用的返回值,本地攻击者可能利用此漏洞获取root用户权限。漏洞的可利用性决定于操作系统的实现,在Linux及Solaris系统中,setuid()和seteuid()调用可能会因为系统资源的限制导致调用的失败,因此在这两个操作系统中漏洞是可利用的。
        

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-399 [资源管理错误]

- CPE (受影响的平台与产品)

cpe:/a:mit:kerberos:5-1.4.2MIT Kerberos 5 1.4.2
cpe:/a:mit:kerberos:5-1.4.1MIT Kerberos 5 1.4.1
cpe:/a:heimdal:heimdal:0.7.2
cpe:/a:mit:kerberos:5-1.4.3MIT Kerberos 5 1.4.3
cpe:/a:mit:kerberos:5-1.4MIT Kerberos 5 1.4
cpe:/a:mit:kerberos:5-1.5MIT Kerberos 5 1.5

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9515The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3083
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-159
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/580124
(PATCH)  CERT-VN  VU#580124
http://www.redhat.com/support/errata/RHSA-2006-0612.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0612
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
(VENDOR_ADVISORY)  CONFIRM  http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt
http://www.vupen.com/english/advisories/2006/3225
(VENDOR_ADVISORY)  VUPEN  ADV-2006-3225
http://www.ubuntu.com/usn/usn-334-1
(UNKNOWN)  UBUNTU  USN-334-1
http://www.securityfocus.com/bid/19427
(UNKNOWN)  BID  19427
http://www.securityfocus.com/archive/1/archive/1/443498/100/100/threaded
(UNKNOWN)  BUGTRAQ  20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/442599/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
(UNKNOWN)  CONFIRM  http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
http://www.osvdb.org/27870
(UNKNOWN)  OSVDB  27870
http://www.osvdb.org/27869
(UNKNOWN)  OSVDB  27869
http://www.novell.com/linux/security/advisories/2006_22_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:022
http://www.novell.com/linux/security/advisories/2006_20_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:020
http://www.mandriva.com/security/advisories?name=MDKSA-2006:139
(UNKNOWN)  MANDRIVA  MDKSA-2006:139
http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml
(UNKNOWN)  GENTOO  GLSA-200608-15
http://www.debian.org/security/2006/dsa-1146
(UNKNOWN)  DEBIAN  DSA-1146
http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm
http://securitytracker.com/id?1016664
(UNKNOWN)  SECTRACK  1016664
http://security.gentoo.org/glsa/glsa-200608-21.xml
(UNKNOWN)  GENTOO  GLSA-200608-21
http://secunia.com/advisories/22291
(VENDOR_ADVISORY)  SECUNIA  22291
http://secunia.com/advisories/21847
(VENDOR_ADVISORY)  SECUNIA  21847
http://secunia.com/advisories/21613
(VENDOR_ADVISORY)  SECUNIA  21613
http://secunia.com/advisories/21527
(VENDOR_ADVISORY)  SECUNIA  21527
http://secunia.com/advisories/21467
(VENDOR_ADVISORY)  SECUNIA  21467
http://secunia.com/advisories/21461
(VENDOR_ADVISORY)  SECUNIA  21461
http://secunia.com/advisories/21456
(VENDOR_ADVISORY)  SECUNIA  21456
http://secunia.com/advisories/21441
(VENDOR_ADVISORY)  SECUNIA  21441
http://secunia.com/advisories/21439
(VENDOR_ADVISORY)  SECUNIA  21439
http://secunia.com/advisories/21436
(VENDOR_ADVISORY)  SECUNIA  21436
http://secunia.com/advisories/21423
(VENDOR_ADVISORY)  SECUNIA  21423
http://secunia.com/advisories/21402
(VENDOR_ADVISORY)  SECUNIA  21402
ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt
(UNKNOWN)  CONFIRM  ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt

- 漏洞信息

MIT Kerberos 5多个本地权限提升漏洞
高危 设计错误
2006-08-09 00:00:00 2007-08-08 00:00:00
本地  
        Kerberos是一款广泛使用的使用强壮的加密来验证客户端和服务器端的网络协议。MIT Kerberos 5是一种常用的开源Kerberos实现。
        MIT Kerberos 5软件包中的某些工具实现上存在漏洞,本地攻击者可能利用此漏洞提升自己在系统中的权限,一般情况下可以获取管理员权限。
        MIT Kerberos 5中的某些程序没有正确检查setuid()和seteuid()这两个涉及到权限更改的调用的返回值,本地攻击者可能利用此漏洞获取root用户权限。漏洞的可利用性决定于操作系统的实现,在Linux及Solaris系统中,setuid()和seteuid()调用可能会因为系统资源的限制导致调用的失败,因此在这两个操作系统中漏洞是可利用的。
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://web.mit.edu/kerberos/www/advisories/index.html

- 漏洞信息 (F91602)

Mandriva Linux Security Advisory 2010-129 (PacketStormID:F91602)
2010-07-08 00:00:00
Mandriva  mandriva.com
advisory,local
linux,aix,mandriva
CVE-2006-3083,CVE-2006-3084,CVE-2010-1321
[点击下载]

Mandriva Linux Security Advisory 2010-129 - The krshd and v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. The ftpd and ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct these issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:129
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : heimdal
 Date    : July 7, 2010
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in heimdal:
 
 The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5)
 up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and
 (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid
 calls, which allows local users to gain privileges by causing setuid
 to fail to drop privileges using attacks such as resource exhaustion
 (CVE-2006-3083).
 
 The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to
 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not
 check return codes for setuid calls, which might allow local users to
 gain privileges by causing setuid to fail to drop privileges. NOTE:
 as of 20060808, it is not known whether an exploitable attack scenario
 exists for these issues (CVE-2006-3084).
 
 Certain invalid GSS-API tokens can cause a GSS-API acceptor (server)
 to crash due to a null pointer dereference in the GSS-API library
 (CVE-2010-1321).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
 http://www.h5l.org/advisories.html?show=2006-08-08
 http://www.h5l.org/advisories.html?show=2010-05-27
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 508353086c607e0cb578ac646ca15c0c  corporate/4.0/i586/heimdal-devel-0.7.2-8.2.20060mlcs4.i586.rpm
 4c5b0d48fa172bb8e39aaccf5ae8de0c  corporate/4.0/i586/heimdal-libs-0.7.2-8.2.20060mlcs4.i586.rpm
 638c167a2e00722c131141154c78c3ae  corporate/4.0/i586/heimdal-server-0.7.2-8.2.20060mlcs4.i586.rpm
 d3d008362cb8e289a3fd0314036a8d17  corporate/4.0/i586/heimdal-workstation-0.7.2-8.2.20060mlcs4.i586.rpm 
 0e185a5ad5f4c522c39c02991f220313  corporate/4.0/SRPMS/heimdal-0.7.2-8.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0e9e08ac49551bd485d7ec6e7881f90d  corporate/4.0/x86_64/heimdal-devel-0.7.2-8.2.20060mlcs4.x86_64.rpm
 0f4913fc15f0df07888b3e66ab7d68be  corporate/4.0/x86_64/heimdal-libs-0.7.2-8.2.20060mlcs4.x86_64.rpm
 d3b6d5225757d3eea52e0aabca3d3a7a  corporate/4.0/x86_64/heimdal-server-0.7.2-8.2.20060mlcs4.x86_64.rpm
 889807bdaa224a44c9d63eb03f66738b  corporate/4.0/x86_64/heimdal-workstation-0.7.2-8.2.20060mlcs4.x86_64.rpm 
 0e185a5ad5f4c522c39c02991f220313  corporate/4.0/SRPMS/heimdal-0.7.2-8.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMNHwFmqjQ0CJFipgRAtJjAKDg/DA6sC5UueU35PJBmT0rOEcGnACfdiuN
pKGkeUt4oli2KC1mWDiHluU=
=TJX5
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F49336)

Ubuntu Security Notice 334-1 (PacketStormID:F49336)
2006-08-27 00:00:00
Ubuntu  security.ubuntu.com
advisory,root
linux,ubuntu
CVE-2006-3083,CVE-2006-3084
[点击下载]

Ubuntu Security Notice USN-334-1 - Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and will continue operation as the root user.

=========================================================== 
Ubuntu Security Notice USN-334-1            August 16, 2006
krb5 vulnerabilities
CVE-2006-3083, CVE-2006-3084
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  krb5-clients                             1.3.6-1ubuntu0.2
  krb5-ftpd                                1.3.6-1ubuntu0.2
  krb5-rsh-server                          1.3.6-1ubuntu0.2
  krb5-user                                1.3.6-1ubuntu0.2

Ubuntu 5.10:
  krb5-clients                             1.3.6-4ubuntu0.1
  krb5-ftpd                                1.3.6-4ubuntu0.1
  krb5-rsh-server                          1.3.6-4ubuntu0.1
  krb5-user                                1.3.6-4ubuntu0.1

Ubuntu 6.06 LTS:
  krb5-clients                             1.4.3-5ubuntu0.1
  krb5-ftpd                                1.4.3-5ubuntu0.1
  krb5-rsh-server                          1.4.3-5ubuntu0.1
  krb5-user                                1.4.3-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Michael Calmer and Marcus Meissner discovered that several krb5 tools 
did not check the return values from setuid() system calls.  On systems 
that have configured user process limits, it may be possible for an 
attacker to cause setuid() to fail via resource starvation.  In that 
situation, the tools will not reduce their privilege levels, and will 
continue operation as the root user.

By default, Ubuntu does not ship with user process limits.

Please note that these packages are not officially supported by Ubuntu
(they are in the 'universe' component of the archive).


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.6-1ubuntu0.2.diff.gz
      Size/MD5:   664713 e5a4861877e15cb91f6dbf5935158137
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.6-1ubuntu0.2.dsc
      Size/MD5:      788 edf046e890d05828180fceec79299544
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.6.orig.tar.gz
      Size/MD5:  6526510 7974d0fc413802712998d5fc5eec2919

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.3.6-1ubuntu0.2_all.deb
      Size/MD5:   718394 62fe4ea415da1b040b8d2e82ebfca461

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:   104526 f265e825f470f7d125e64ca67ab1baa4
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:   216450 180d0ee16f7d82fb08cc33c9f57fae83
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:    56510 3b99157b1abf76ca65589b57367a9746
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:   124206 51bb620898c55c8d4968baf7c915cf82
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:    82270 7354364f56ef0c9e3e2852f53aa77827
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:    63018 b4399bc4b714ced3315096b816243034
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:   137248 37f64a3430eb404463252f5ddf310b9b
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:   177112 a171ce80ad5fe539651ca1d44fcba049
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:   652010 095eb7be05716c7817a7062b010944d9
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.6-1ubuntu0.2_amd64.deb
      Size/MD5:   368902 d25bcf5493f713f6c04f216b5d536633

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:    92760 46dcc0c71e393f712accb32502f5fb27
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:   186370 f76907f8e22ea810797121db36ae5a98
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:    51138 b0cb6e0d875dd5cbd4501f064ab6c996
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:   113422 7c5b2c8965b3a70256652f2a8e7b5de7
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:    73622 375bd22b55ce87d9c6735611e2a9b792
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:    55582 b475c04c380a75586ce6620e55634abe
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:   125516 a033c02351b981ba7c1f14b62c6c94ca
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:   161336 92801e470aca62acea12a56a4ccd9d9f
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:   560646 fa64ac088fd2d1a9a5b42dc4e0f98d3d
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.6-1ubuntu0.2_i386.deb
      Size/MD5:   341032 2d9358a575da34874d6633fbfb9c08f6

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:   105020 dfea844c1df75d83efbcf8e84c4fd3e1
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:   217282 b08f0c5d1316edb94cf7372d317cff08
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:    56478 b34062e8e7c5e9e67826ca0f24b9600f
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:   125652 f799d32a413b27a73fa73bdd98468bdc
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:    82164 5dbb8cd1666f9222c1cef923b8df6cce
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:    61104 42f7634145ff584c4744a168e94a1773
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:   143276 59665e64fb221061e20ff6f601dc3f54
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:   165128 8b18c2e1421292c39ab0c536676a915a
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:   634530 2731b2770926d2a909e8c6112e058ba3
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.6-1ubuntu0.2_powerpc.deb
      Size/MD5:   352576 0db03c098d189cc7f45401c5e5d252a1

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.6-4ubuntu0.1.diff.gz
      Size/MD5:   683815 1ec3933b6e93acb2b5884d3645086823
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.6-4ubuntu0.1.dsc
      Size/MD5:      849 cb40c03fdca7cde12317eae6bf230148
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.3.6.orig.tar.gz
      Size/MD5:  6526510 7974d0fc413802712998d5fc5eec2919

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.3.6-4ubuntu0.1_all.deb
      Size/MD5:   825942 b73d106fdae030a199de4bddc79d2a8c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:   108074 f449c1f208261824db42779f51d2437f
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:   221366 8e2627cacc0eebc055fc98968444530e
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:    57596 1aefe5a5950b6c6cea862b2038cb2e0b
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:   130510 081c9342edc8a48bbd0fdc42aa7e0461
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:    82656 b044febd05bacc9715c7b7f40657ca02
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:    65108 15187362f71fd299c45945d623221bbb
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:   138856 66492c04c3813dc00f9ea25264ebd468
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:   180326 5615f58042993b486cbe2f6afaba855e
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:   649270 0959e9874ce1b3183c598b9ee0505c13
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.6-4ubuntu0.1_amd64.deb
      Size/MD5:   364144 048aa9a6cf2e5a675e5ed0f43eb7567a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:    95596 a06dc078a6fa44135ab29455e199b9de
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:   187522 c6151b32aad7f50b3c34e9b64e3b7baa
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:    51910 3da181c873f21dfa783d37f3bd855944
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:   117528 f906614b3bab233ad4992229e88382d7
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:    73462 231a92c79d139dca69562b67603540d2
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:    56572 107d7d0b646f7a1d6baca4b3d24be4ad
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:   126342 1f75a18101fea8b750963df2fbc60648
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:   156812 6347877fcd25253e73d65a690ebbdcb5
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:   540190 56c29aab438c0c9f150bc08ac887712f
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.6-4ubuntu0.1_i386.deb
      Size/MD5:   328908 ad197271414102c6a0d145c015925a29

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:   109232 727090e9f1cb3a6036b85d1021b27c2c
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:   220718 90a8d79f03c0f2ec8aad328c446252ae
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:    56626 577a5062dc0f118d2dbd2474e124f1fc
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:   131704 6494e9da3da488d06b26b461ab24ca93
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:    82520 9b33529f90b698c4c19358c451bc31a7
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:    63470 73afcd05914feb2a093288e261986c7a
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:   145110 9cd29af05a557e895d24c4694e3c3570
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:   167640 a4b102ac7179daa4aa941d92c106d09f
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:   621696 bf5db246d5693b776ff166a579c4d3f7
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.6-4ubuntu0.1_powerpc.deb
      Size/MD5:   342306 b98b007af374997297db52ddade643b5

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:    97820 bc64ee0f53a8ee87338660da8f25bab7
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:   198526 0a2070787157cdbc8ed0921f5882cf6c
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:    53674 65f24d8a48d40ca34547965bb72797cb
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:   120338 5eaed55cf80b8e4f6dd193657ab1ceba
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:    74792 e4dfcd6aac39c8701e44acc79d164773
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:    60278 281eb7a22b50fc904f1ba97f47a65759
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:   128640 d5d0c97475cfa3f58649bd9f2735f8ae
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:   156248 5925f82159529a777ac317b047553c03
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:   561006 da30d253fae30b41059ccf6caee71b4b
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.3.6-4ubuntu0.1_sparc.deb
      Size/MD5:   316974 1641a454791f13bb2fda6dd1e85ee3e6

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.1.diff.gz
      Size/MD5:  1447252 865ab4d7389d4445ae8e55cf760f820c
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.1.dsc
      Size/MD5:      850 a2def4f7b8cbdc5beaacff0647b1c684
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz
      Size/MD5:  7279788 43fe621ecb849a83ee014dfb856c54af

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.1_all.deb
      Size/MD5:   852586 b57e6bee5218001e28131766f9e72090

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:    79548 d7f470590c36b1d0483917ebc2b795f5
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:   222588 2254ed7b97fc2c4f751dbe5146f8d47e
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:    59724 fe2dabb7f95232accef634b163bc1fb7
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:   134404 0d0a278f7da8b542042fc542e62cf884
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:    84620 cdaff300da8c62e065e1c54030d56da8
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:    66880 4daf696403ae7020ab415602fd9801e3
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:   129292 8de3933c99587feb18c860d4ad687bec
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:   190048 2892a6b48f610d612c6bcdf06ebcf39d
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:   768016 ea2a52eb981849a550a6ac381b97ecf7
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.1_amd64.deb
      Size/MD5:   425060 d70acfbb14d7ba77d6d2f3bfc8e646f5

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:    71496 5ae322935e2abbf0dc1a7cb0e8ec17c6
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:   186600 0c89076b4619b91f8d815e5c04bfd353
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:    53688 9bfb8568f0532e8cfe3647b97b34255b
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:   120992 2e1ebf92dbb4f32dccc540e7b6b08739
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:    75274 f39382718a0230ef146c8d94af16485a
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:    58044 b8cb4dde9964699d63b4cb7bdd0ca42b
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:   118374 982788fef8c44b1bbed2e60834622fbe
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:   164984 381ace76ae83e0aa4898b7d9a53be302
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:   646376 7df67cf26dcb5e320f6a675e11bbdad3
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.1_i386.deb
      Size/MD5:   380488 293bde8773cdfda1a3dbaa818f20d8f9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:    79578 75defd0cb404ebd2ff184aa8b71d5e72
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:   219926 a935f96764a894b01db176128321894f
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:    58936 b92740002e9f08ec82e32bf4facdb247
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:   135376 f080a932904bc10ff7c1abdce0b69797
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:    84478 84f53a7b3b7a4b3d79acc6a50c3b94e0
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:    65260 b9fd80bee6fb08cb0ea5c6505a5ebb63
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:   134266 1ae5906375e67a8064487ca36c89a430
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:   176912 2b2f66514f13c3ec04fd82fec6412de3
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:   751180 4768add9f74e50f4d75f0d34997d8570
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.1_powerpc.deb
      Size/MD5:   395282 9f58047b3e2f597b9d72b01cc2b2fc34

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:    72126 7ea79aad632479b191d339701b3f3230
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:   196772 f0dd11c6c165b873f3d385b546658788
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:    55660 d25c198cf7d4bd5fa974089b115cee66
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:   123784 85a6c5f89fc45e372ddb0b32989f9871
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:    76278 2a3b9ae1540be8c42eb24b4743edb71d
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:    61590 4a1838f65c9f8e01f080357d1c2357a7
    http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:   119934 9fe244bfaeafe2f792d7104e69dbb313
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:   164432 2ebc06c6e399af7df8c47118facee414
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:   677684 90ff88e9481fd3a2fe59164fa0868e8c
    http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.1_sparc.deb
      Size/MD5:   368070 b2ece991e696234cf1084781be2d1a8d

    

- 漏洞信息 (F49237)

Mandriva Linux Security Advisory 2006.139 (PacketStormID:F49237)
2006-08-27 00:00:00
Mandriva  mandriva.com
advisory,kernel,local,root
linux,mandriva
CVE-2006-3083
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-139 - A flaw was discovered in some bundled Kerberos-aware packages that would fail to check the results of the setuid() call. This call can fail in some circumstances on the Linux 2.6 kernel if certain user limits are reached, which could be abused by a local attacker to get the applications to continue to run as root, possibly leading to an elevation of privilege.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:139
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : krb5
 Date    : September 9, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw was discovered in some bundled Kerberos-aware packages that
 would fail to check the results of the setuid() call.  This call can
 fail in some circumstances on the Linux 2.6 kernel if certain user
 limits are reached, which could be abused by a local attacker to get
 the applications to continue to run as root, possibly leading to an
 elevation of privilege.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 9769771585fb7b7fc6cf6feea1d6852d  2006.0/RPMS/ftp-client-krb5-1.4.2-1.1.20060mdk.i586.rpm
 132d70eb7cc47ac787ceb4490f87d308  2006.0/RPMS/ftp-server-krb5-1.4.2-1.1.20060mdk.i586.rpm
 ebcf417d249dc28511c8e6579ad832de  2006.0/RPMS/krb5-server-1.4.2-1.1.20060mdk.i586.rpm
 37eb990906dea9b113f8dde526a218ab  2006.0/RPMS/krb5-workstation-1.4.2-1.1.20060mdk.i586.rpm
 12bd0420fdfdf55433beaa839d245c7d  2006.0/RPMS/libkrb53-1.4.2-1.1.20060mdk.i586.rpm
 73ec87553b0dfdee4170c23fd42f9b33  2006.0/RPMS/libkrb53-devel-1.4.2-1.1.20060mdk.i586.rpm
 2e9bca676a7c89a2970105ec73dfd43a  2006.0/RPMS/telnet-client-krb5-1.4.2-1.1.20060mdk.i586.rpm
 309990a6c12954d0c742ae3fcc20d3f7  2006.0/RPMS/telnet-server-krb5-1.4.2-1.1.20060mdk.i586.rpm
 6b8f5083efd5c04230fb732636e78269  2006.0/SRPMS/krb5-1.4.2-1.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 7379da32042912507b45257c3ae7527a  x86_64/2006.0/RPMS/ftp-client-krb5-1.4.2-1.1.20060mdk.x86_64.rpm
 5b9c39f00856cbfe56c984636c9616ec  x86_64/2006.0/RPMS/ftp-server-krb5-1.4.2-1.1.20060mdk.x86_64.rpm
 dcbd8eb16edbaeab7f96bbbd61a63a42  x86_64/2006.0/RPMS/krb5-server-1.4.2-1.1.20060mdk.x86_64.rpm
 27f81fe2c23b1aadb77bf36a765f1f3a  x86_64/2006.0/RPMS/krb5-workstation-1.4.2-1.1.20060mdk.x86_64.rpm
 3ab0d3234686c559c0ca1363503f6632  x86_64/2006.0/RPMS/lib64krb53-1.4.2-1.1.20060mdk.x86_64.rpm
 b79453018b1fdfd10cd1e67ed77eeecb  x86_64/2006.0/RPMS/lib64krb53-devel-1.4.2-1.1.20060mdk.x86_64.rpm
 7ec7ec461afca7f7707e010310be4532  x86_64/2006.0/RPMS/telnet-client-krb5-1.4.2-1.1.20060mdk.x86_64.rpm
 e596730793941a4aedb582abb7bec0cf  x86_64/2006.0/RPMS/telnet-server-krb5-1.4.2-1.1.20060mdk.x86_64.rpm
 6b8f5083efd5c04230fb732636e78269  x86_64/2006.0/SRPMS/krb5-1.4.2-1.1.20060mdk.src.rpm

 Corporate 3.0:
 828af711a7bc04cee4de3fccba07543f  corporate/3.0/RPMS/ftp-client-krb5-1.3-6.7.C30mdk.i586.rpm
 fc41fbc471acd1d94716ba7b37094e2c  corporate/3.0/RPMS/ftp-server-krb5-1.3-6.7.C30mdk.i586.rpm
 d118695919843b28dc401994b2f8605f  corporate/3.0/RPMS/krb5-server-1.3-6.7.C30mdk.i586.rpm
 c75c0d61e7fc98123f4dbfce2b2d3109  corporate/3.0/RPMS/krb5-workstation-1.3-6.7.C30mdk.i586.rpm
 156f7354acd35590c33903d5dce0697d  corporate/3.0/RPMS/libkrb51-1.3-6.7.C30mdk.i586.rpm
 15c4329696fbcfecc7bedc62c56cf577  corporate/3.0/RPMS/libkrb51-devel-1.3-6.7.C30mdk.i586.rpm
 d88d3533f6993057eb01d9baeb8f9046  corporate/3.0/RPMS/telnet-client-krb5-1.3-6.7.C30mdk.i586.rpm
 be90de149ade08f77bf15481e4a65bf6  corporate/3.0/RPMS/telnet-server-krb5-1.3-6.7.C30mdk.i586.rpm
 b5ab69f2c45bd7fd8ddf24204126a0d1  corporate/3.0/SRPMS/krb5-1.3-6.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 52e38def3585a04f2cec5dff30d1dad2  x86_64/corporate/3.0/RPMS/ftp-client-krb5-1.3-6.7.C30mdk.x86_64.rpm
 02a6c33fc49fe58013e999e2a4773f70  x86_64/corporate/3.0/RPMS/ftp-server-krb5-1.3-6.7.C30mdk.x86_64.rpm
 c3a9e4068740aeb23667ed5d46f0b48d  x86_64/corporate/3.0/RPMS/krb5-server-1.3-6.7.C30mdk.x86_64.rpm
 9196af8c916c889cbe234acb1393faf0  x86_64/corporate/3.0/RPMS/krb5-workstation-1.3-6.7.C30mdk.x86_64.rpm
 ae7336d754a485b4f24a42f3c36fbb59  x86_64/corporate/3.0/RPMS/lib64krb51-1.3-6.7.C30mdk.x86_64.rpm
 d38b0395a79d4ea909aeaf0eefcdc9d4  x86_64/corporate/3.0/RPMS/lib64krb51-devel-1.3-6.7.C30mdk.x86_64.rpm
 9e9bc222b2d7cbfc47c1af0fabd6ffd5  x86_64/corporate/3.0/RPMS/telnet-client-krb5-1.3-6.7.C30mdk.x86_64.rpm
 afd4f60af3022e6c319eb38fb658ca24  x86_64/corporate/3.0/RPMS/telnet-server-krb5-1.3-6.7.C30mdk.x86_64.rpm
 b5ab69f2c45bd7fd8ddf24204126a0d1  x86_64/corporate/3.0/SRPMS/krb5-1.3-6.7.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 99da07eef578ea9634378d30310ea6da  mnf/2.0/RPMS/libkrb51-1.3-6.7.M20mdk.i586.rpm
 8fd9018ab4c3bed69af2466a5e587f25  mnf/2.0/SRPMS/krb5-1.3-6.7.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE2hBLmqjQ0CJFipgRAos9AKC0mteYb2PDP8yhuU0LsgFtlkTCDgCgk2xi
d/ocXoroUAfnEQeE1BGP8LM=
=+vtq
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49221)

Debian Linux Security Advisory 1146-1 (PacketStormID:F49221)
2006-08-27 00:00:00
Debian  debian.org
advisory,local,vulnerability
linux,debian
CVE-2006-3083,CVE-2006-3084
[点击下载]

Debian Security Advisory 1146-1 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success and which may fail with some PAM configurations. A local user could exploit one of these vulnerabilities to result in privilege escalation. No exploit code is known to exist at this time.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1146-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 9th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : krb5
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE IDs        : CVE-2006-3083 CVE-2006-3084
CERT advisories: VU#580124 VU#401660

In certain application programs packaged in the MIT Kerberos 5 source
distribution, calls to setuid() and seteuid() are not always checked
for success and which may fail with some PAM configurations.  A local
user could exploit one of these vulnerabilities to result in privilege
escalation.  No exploit code is known to exist at this time.

For the stable distribution (sarge) these problems have been fixed in
version 1.3.6-2sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 1.4.3-9.

We recommend that you upgrade your krb5 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge3.dsc
      Size/MD5 checksum:      782 df8c8142c32fb06bcf09d5c44d4f9ea1
    http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge3.diff.gz
      Size/MD5 checksum:   663073 2e75d18a0b91e88b3df87439d981438a
    http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz
      Size/MD5 checksum:  6526510 7974d0fc413802712998d5fc5eec2919

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge3_all.deb
      Size/MD5 checksum:   718328 f2595b87eb8731af975215775c44e00b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:   113770 53afa9353cfd612c1a4ce697390f1ff1
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:   246936 bbfa0e6c00e69cf2df0d6957bdcc185f
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:    62396 d13ec27eb3be9b7c210887519e5c1ce3
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:   136856 303321f333c9835dbef85cf4b222da73
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:    89594 27eb1a246db85bbe41280ba0b558429b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:    71766 b7ecdfdeee2a15d2694cea550c172897
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:   145408 fef89723c90a38d76429f00802b39619
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:   200660 6801613fb91bc9e655ca301d48782f69
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:   861152 aad361c2f76f13fc3d7c857831f7524a
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_alpha.deb
      Size/MD5 checksum:   422316 ab1c2ea1a3c4da8e4a53caf9e59e0725

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:   104030 42f5d96cd63367c8641177d5f087c0cd
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:   216384 9e52260fcac54a436280ea705a772fca
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:    56438 abca496cfe9100f2e98787baf7cb9596
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:   124162 d19d239b1435c4d61532b05a3ccec5ff
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:    82198 01f9adf1df2dfec4705e195bfb987809
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:    62948 2f214984d0398eb0b7be737e7449137f
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:   137194 ef1437a40dcb3a2b693bc18b62eb5305
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:   177044 fcb495788de9ace6387613104305d1fc
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:   651714 9c42b3ae304ee6b99205a739e5525f2b
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_amd64.deb
      Size/MD5 checksum:   368844 a6d46ba74757d0b3290cccc7d2a071cd

  ARM architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:    92838 53115b51885ed7cc328d302b458bd7d1
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:   192330 b96c5f518c6b936ec850815dbc563444
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:    53132 d26a3b90c9739cc49b4832d4c6080a5a
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:   114880 1d3ee4ea1ed533d495a0f57a0a9b41fb
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:    74362 e4566a14988825c4b2b9e08de7004ac5
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:    57482 1d18ac632e9e60514ecf68993bccc324
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:   127014 f2c67cc5ac56c42c3018d817cf3cef24
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:   158120 3eebe39e58001ba876c6cbeb9e161487
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:   633252 b55abd0364621173f4c1f5261e9fa44e
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_arm.deb
      Size/MD5 checksum:   328604 092e97bd8efb2e88355663489961745b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:    94894 c2a63602c4f4814ed7f231f52a48e946
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:   190924 9926ba246c49bb908e0caeb48f0238e6
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:    52294 6163d519b0a430556f95508422bcce5b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:   115540 db679e7f19b98a7a8ecf0d0f61f15d81
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:    75288 e9fbe4b10637cdf4ced94a2b566b4448
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:    57080 90c1841a887804d0145b0eece47b3b0b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:   127358 333b35931c6e9926ff2934d320401c97
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:   164978 51742df7d055e4bf6af3b3f57e2ff5a1
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:   573980 9225372462e8ace8494213cd3fe84fb7
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_i386.deb
      Size/MD5 checksum:   348792 00b39ddc324f2d2d43f701bbe63ee5bc

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:   133244 252fd8d9577459865f69f16ab7a179e0
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:   288826 af4e344f133c364d8af560957a8df23b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:    73052 62d1a4cb177c6f14c64c22a68ba64c6a
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:   164528 f9d8ebe91ea0337b119f39fd07deec9b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:   104690 dc8a8fd34a202798c1e420e0f4feac42
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:    79314 4c4e93be3b0a1b95e1e5c7c4a62b6bda
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:   166886 d502e8edb9682232a95b9178ee98bd3d
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:   239670 1a8cee5fa4ddfdad17778f2ea1c6ac83
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:   889306 efd994be8fb083db25f98f8edfc3b03e
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_ia64.deb
      Size/MD5 checksum:   501774 498dc695dcb25d298f5b182d65927978

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:   103882 27402cf5234a4479f83c62f26be6fb00
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:   223564 54808e7c3cd8722b3bd6ca6a99be0423
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:    58758 232f4f80e0f83b9e01c61bb5645249f9
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:   124472 df7ea8d94ea5e8d0c6da1ef9acc85836
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:    81382 d0b70026412c03338c9f4f896195c94f
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:    63602 322fee31f223795f689d35933b2bf9af
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:   138552 686154015abdae71c518f1c0dc35c489
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:   186630 fb53d4f3864d10e93e36e097d0af6826
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:   669004 bfa9b717e5537352de8ba494429432ce
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_hppa.deb
      Size/MD5 checksum:   383270 997eea65966d93d16e7efbf2be95b827

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:    87954 5927446895eab80283dfed1e33c39acd
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:   173612 0615e8c1a45808b8c8f6cff3b8b3289e
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:    49176 d53c131075c1d4f4b182788d436ac8a4
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:   106894 8ffa020e4dfa1e0ced3827baa2a2b936
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:    70516 290cf25961145e884733bf6375096db5
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:    52818 2756537211d7e5a363c7c7fcf8f3b954
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:   121568 b20e988adce800577872609ae6b992c6
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:   147170 5c7439a07b085999d3ec60a85a7d09b5
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:   515354 58e17a812ca5d4ae4ddd1f4bd2284f98
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_m68k.deb
      Size/MD5 checksum:   305252 81ab52f220afe10f7bef339a1f153fb4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:   102714 42e5b123e67157992aeda70ed54a2c48
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:   226182 4e2d8b831bba0e10b34ce86a1e870c77
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:    57574 55c9acdfea9d46f6bee9734088a6b5ca
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:   128720 0b5e52310cd648be48b2a8ef9a28e9d5
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:    81176 e6ed192c639360fec544181448ae754b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:    64850 9ac8c8b9bf28a07b9682a18b562e3b3a
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:   146306 b9755921995a2728dcb03528b4bfc0ed
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:   163540 af12479b3dab6180bdc3f64f1e901719
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:   679386 5732c39c6b6f8f68c48be497fd13440f
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_mips.deb
      Size/MD5 checksum:   354754 d0fb84b9a7affd2d6229022f5c200fec

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:   102984 461a4539738e1a0f1b778948336ada70
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:   225956 7bfab26d6338fe7b5ff08b125999a049
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:    57578 68f5c0d8e56d1dfb06dfbbedffbd27ce
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:   129452 6d20ff7a9dcd5be87802d5934f32f704
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:    81452 e6db8f84c86bdf4853ddb7a04fea6769
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:    64602 a4128e1c41282c37fb623dffda5f46dd
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:   146092 9181715b0f4077ebf9f11394491f052f
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:   165000 1a92c99183301405f845078b225796f2
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:   682100 b1d3ca066a847ef1006f1d8b34484480
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_mipsel.deb
      Size/MD5 checksum:   354534 8c93408a4491d5f9f67b49a27d27403d

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:   104536 10bb668587c2ae672f6f891dab5e0970
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:   217226 b8dac77f30c9f4c3fe174b61f1aa8c46
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:    56412 8ded35353ce5efd002fc1e4f53fb173b
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:   125588 56be5626dd27ef3c9b0bdf4d5de6f9a5
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:    82098 d29dc35a58982d87147e377ac5817a32
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:    61042 580be28960c04072bc2a909f9ce34cf9
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:   143232 674c3a99c81dc1f38515874731bd09af
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:   165066 319b7bd874b9e5f34d3e38eafd9c74a5
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:   634344 c987a9cd3b1a54ee41961acaebd01237
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_powerpc.deb
      Size/MD5 checksum:   352518 5157d90954b7859620e18fbbfddfa16b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:    98650 462d6dfab006f34f6c6436040ad8428c
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:   213598 0d14561167d5db582867c30e68844586
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:    56632 e70da2be6c9bd3ee119a9aab3fbe3ebe
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:   120626 52658794b6eef36c1637269293448261
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:    81764 0267de3b25d919036dd9b8740b7ebf27
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:    62714 18040cac9c66f0ce110a87d5d455e5aa
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:   132342 6d4f13bdbd36b0d33218d636db3b2faf
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:   179684 69ba3a57b66fcab029ecefa7ae09eef5
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:   624330 2103482460605ec90df54687c6d56751
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_s390.deb
      Size/MD5 checksum:   375578 0dc404d9ce7e00573e9fb4a024e67d8a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:    92538 64d322c748643962a60ebafd92114205
    http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:   194002 eab627f7b6a794e8720d6eed45d58c52
    http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:    52934 10488d7b0c2cec790a79f5b434c88479
    http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:   113374 f3151e4a84c23789e5703bf6d615b723
    http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:    72996 37e8825143d48b8fea57f09e0b433f8d
    http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:    58268 c70dacb5c496f945220fac452771f176
    http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:   126262 0575fbe57b13bc01d02f0f7784addae7
    http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:   157058 bdaf3884529cbfb280a21ca608cc880a
    http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:   576134 6e9b3a823d3d01a9222e5ead1507275c
    http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_sparc.deb
      Size/MD5 checksum:   329842 ebfd32dddeb86791b4c1bd393a3f335d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE2Xw9W5ql+IAeqTIRAoPvAKCzM/cDCP7O8V0VIbtTHBQ94uuKDACdHp2/
yJztd1PrWt57tHPM9NTOodw=
=BnGu
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F49118)

MITKRB-SA-2006-001.txt (PacketStormID:F49118)
2006-08-18 00:00:00
 
advisory,local,vulnerability
CVE-2006-3083,CVE-2006-3084
[点击下载]

MIT krb5 Security Advisory 2006-001 - In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                 MIT krb5 Security Advisory 2006-001

Original release: 2006-08-08

Topic: multiple local privilege escalation vulnerabilities

Severity: serious

SUMMARY
=======

In certain application programs packaged in the MIT Kerberos 5 source
distribution, calls to setuid() and seteuid() are not always checked
for success.  A local user could exploit one of these vulnerabilities
to result in privilege escalation.  No exploit code is known to exist
at this time.  It is believed that the primary risk is to Linux
systems, due to the behavior of their implementation of the setuid()
and seteuid() system calls.

IMPACT
======

Actual impact depends on implementation details within a specific
operating system.  Vulnerabilities result when the OS implementations
of setuid() or seteuid() can fail due to resource exhaustion when
changing to an unprivileged user ID.  We believe that only unchecked
calls to setuid(), and not calls to seteuid(), are vulnerable on
Linux.

On AIX, Kerberos applications provided by IBM are not vulnerable.  If,
in place of or in addition to IBM-provided Kerberos applications, MIT
krb5 code is installed on an AIX system, the affected MIT krb5
applications are vulnerable to the setuid() issues listed in
CVE-2006-3083.  We believe that no other operating systems are
affected.

[CVE-2006-3083, VU#580124] The following vulnerabilities may result
from unchecked calls to setuid(), and are believed to only exist on
Linux and AIX:

* Unchecked calls to setuid() in krshd may allow a local privilege
  escalation leading to execution of programs as root.

* Unchecked calls to setuid() in the v4rcp may allow a local privilege
  escalation leading to reading, writing, or creating files as root.
  v4rcp is the remote end of a krb4-authenticated rcp operation, but
  may be executed directly by an attacker, as it is a setuid program.

[CVE-2006-3084, VU#401660] The following vulnerabilities may result
from unchecked calls to seteuid().  These vulnerabilities are not yet
known to exist on any operating system:

* Unchecked calls to seteuid() in ftpd may allow a local privilege
  escalation leading to reading, writing, or creating files as root.

* Unchecked calls to seteuid() in the ksu program may allow a local
  privilege escalation resulting in filling a file with null bytes as
  root and then deleting it (the "kdestroy" operation).

AFFECTED SOFTWARE
=================

* The above-listed programs are vulnerable in all releases of MIT
  krb5, up to and including krb5-1.5.  The krb5-1.5.1 and krb5-1.4.4
  releases will contain fixes for these problems.

FIXES
=====

* The upcoming krb5-1.5.1 and krb5-1.4.4 releases will include fixes
  for these vulnerabilities.

* Disable krshd and ftpd, and remove the setuid bit from the ksu
  binary and the v4rcp binary.

* For the krb5-1.5 release, apply the patch at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt

  A PGP-signed version of this patch is at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt.asc

  This patch was generated against the krb5-1.5 release, and may apply
  to earlier releases with some fuzz.  The patch also updates some
  calls to other setuid-like system calls on less-common operating
  systems, though these calls are less likely to be vulnerable.

* For the krb5-1.4.3 release, apply the patch at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.4.3.txt

  A PGP-signed version of this patch is at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.4.3.txt

  This patch was generated against the krb5-1.4.3 release, and may apply
  to earlier releases with some fuzz.  The patch also updates some
  calls to other setuid-like system calls on less-common operating
  systems, though these calls are less likely to be vulnerable.

REFERENCES
==========

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

        http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

        http://web.mit.edu/kerberos/index.html

CVE: CVE-2006-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083

CERT: VU#580124
http://www.kb.cert.org/vuls/id/580124

CVE: CVE-2006-3084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084

CERT: VU#401660
http://www.kb.cert.org/vuls/id/401660

ACKNOWLEDGMENTS
===============

Thanks to Michael Calmer and Marcus Meissner at SUSE for reporting
this problem.

Thanks to Shiva Persaud at IBM for information on AIX.

DETAILS
=======

Typically, setuid(), seteuid(), and similar system calls cannot fail
except in cases of inadequate privilege or system misconfiguration.
Unlike other operating systems, Linux and AIX system calls which
change the real user ID can fail if the change would cause the target
user ID to exceed its quota of allowed processes.  A local attacker
may be able to exhaust a process quota in a way which artificially
creates such a failure condition.  This may result in privilege
escalation when a program making an unchecked call to one of these
system calls expects to continue execution with reduced privilege
following the affected call, but instead continues to run as a
privileged user.

Specific places where various system calls are not checked include:

appl/bsd/krcp.c: setreuid (uncompiled code), setuid (irrelevant
                 because not installed setuid)
appl/bsd/krshd.c: setuid
appl/bsd/krsh.c: setuid (irrelevant because not installed setuid)
appl/bsd/v4rcp.c: setuid
appl/gssftp/ftpd/ftpd.c: seteuid
client/ksu/main.c: seteuid
lib/krb4/kuserok.c: seteuid (but likely irrelevant)

REVISION HISTORY
================

2006-08-08      original release

Copyright (C) 2006 Massachusetts Institute of Technology
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (SunOS)

iQCVAwUBRNjfg6bDgE/zdoE9AQLnKQP8DAikPgsCxRiOVj2QnX66VnBl2Nsm7irs
NeO/8yiP9QpliPk4h/6p9Q1Wc70H/C4ICWgufVDiIHbnUc4MGS4GVUzZtvQelrC1
4WTZyxLFfEZQzbNk6FUBw3W0P38IrUX2FQsLTp9R4S3iWFMI5Udkb5XX60zwo9w2
79rpIw5g8vY=
=x/vF
-----END PGP SIGNATURE-----
    

- 漏洞信息

27869
MIT Kerberos 5 krshd setuid() Local Privilege Escalation
Local Access Required Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- 漏洞描述

MIT Kerberos 5 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the setuid() call fails in the krshd program. This flaw may lead to a loss of confidentiality and/or integrity.

- 时间线

2006-08-08 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.4.4, 1.5.1 or higher, as it has been reported to fix this vulnerability. Additionally, the vendor has released a patch to address this issue, or users may opt to apply the following workaround: Disable the affected program by removing the SUID bit

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站