Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-34
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 17 Mar 2005
 Last revised: 17 Mar 2005

 Package: krb5

 Summary: A heap overflow vulnerability exists in Kerberos V5

 More information:
    Kerberos V5 is a trusted-third-party network authentication system,
    which can improve your network's security by eliminating the use of
    insecure cleartext passwords.

    A heap-based buffer overflow vulnerability exists in krb5's add_to_history
    function.

 Impact:
    The vulnerability could allow remote attackers to execute arbitrary code.

 Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u krb5-devel krb5-libs krb5-server krb5-workstation

 [other]
 # turbopkg
 or
 # zabom update krb5-devel krb5-libs krb5-server krb5-workstation
 ---------------------------------------------

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   krb5-1.2.5-17.src.rpm
      5518388 90f368069a5597bb030bb178cafcd762

   Binary Packages
   Size: MD5

   krb5-devel-1.2.5-17.i586.rpm
       538302 98bde849b9f740194047210e97a7c6ba
   krb5-libs-1.2.5-17.i586.rpm
       638859 d166cedb836be940d8ed90c9a8f8b289

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   krb5-1.2.5-17.src.rpm
      5518388 5db91d52e34b286c948d99186d22483b

   Binary Packages
   Size: MD5

   krb5-devel-1.2.5-17.i586.rpm
       538962 c026c76f024ade0fa363c555c18937c4
   krb5-libs-1.2.5-17.i586.rpm
       638809 76b3a84c2fe023fc232b101f6f8bc8c9

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/krb5-1.3.4-9.src.rpm
      6397554 2d945c66d859ea24d0424c746bc2cffd

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/krb5-debug-1.3.4-9.i586.rpm
      4016005 24b69c575543fa9bb40b6fac0ffdbe4e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/krb5-devel-1.3.4-9.i586.rpm
       654684 81d48c8094e811e02506bfea952112fc
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/krb5-libs-1.3.4-9.i586.rpm
       431163 83b88cb007f2b497f0d9d971bba14a48
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/krb5-server-1.3.4-9.i586.rpm
       778975 6358ceb0d2a27dba2151818748ccb07b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/krb5-workstation-1.3.4-9.i586.rpm
       836763 7883d6376f9b9d11ecd8f005631e4acf

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/krb5-1.2.5-17.src.rpm
      5518388 e0277cf4b1fac4415cb6b91dc0e9a3e3

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-devel-1.2.5-17.i586.rpm
       578244 412921e7b995442b48ca76ec83eb2b64
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-libs-1.2.5-17.i586.rpm
       343287 9d386d490758073cbda5e50f5dd65b44
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-server-1.2.5-17.i586.rpm
       602179 0493636b1a477924aeb453d234650e61
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-workstation-1.2.5-17.i586.rpm
       591640 2e322960eaf7079d563aedeceab5d098

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/krb5-1.2.5-17.src.rpm
      5518388 0db1d83daa8d98c0e0e3b950a3d2b632

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-devel-1.2.5-17.i586.rpm
       575905 c7fc1aa3371c26416f9ee4380881be4f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-libs-1.2.5-17.i586.rpm
       639639 3d28d312f4a06832ddf240d36db94072
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-server-1.2.5-17.i586.rpm
       603121 00689459beb83a2bf6f667db991f6aac
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-workstation-1.2.5-17.i586.rpm
       602294 0e61d6f9e7e1eafbeb51a7b079aa0d13


 References:

 CVE
   [CAN-2004-1189]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189

 --------------------------------------------------------------------------
 Revision History
    17 Mar 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFCOSD3K0LzjOqIJMwRAqzLAJ4yEE8TQe1lK76fkCUVNE/hBUxEAACguuH3
4mvrVXNaAh06INL8MtvvDxc=
=DUaA
-----END PGP SIGNATURE-----




© 1998-2024 E-Soft Inc. All rights reserved.