Kerberos is a networked authentication system that uses a trusted third
party (a KDC) to authenticate clients and servers to each other.

Several double-free bugs were found in the Kerberos 5 KDC and libraries. A
remote attacker could potentially exploit these flaws to execute arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0642 and CAN-2004-0643 to these issues.

A double-free bug was also found in the krb524 server (CAN-2004-0772);
however, this issue was already fixed for Red Hat Enterprise Linux 2.1 users
by a previous erratum, RHSA-2003:052.

An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A
remote attacker may be able to trigger this flaw and cause a denial of
service. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0644 to this issue.

All users of krb5 should upgrade to these updated packages, which contain
backported security patches to resolve these issues.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | krb5-devel | < 1.2.2-31 | krb5-devel-1.2.2-31.i386.rpm |
RedHat | any | ia64 | krb5-devel | < 1.2.2-31 | krb5-devel-1.2.2-31.ia64.rpm |
RedHat | any | i386 | krb5-libs | < 1.2.2-31 | krb5-libs-1.2.2-31.i386.rpm |
RedHat | any | ia64 | krb5-libs | < 1.2.2-31 | krb5-libs-1.2.2-31.ia64.rpm |
RedHat | any | i386 | krb5-server | < 1.2.2-31 | krb5-server-1.2.2-31.i386.rpm |
RedHat | any | ia64 | krb5-server | < 1.2.2-31 | krb5-server-1.2.2-31.ia64.rpm |
RedHat | any | i386 | krb5-workstation | < 1.2.2-31 | krb5-workstation-1.2.2-31.i386.rpm |
RedHat | any | ia64 | krb5-workstation | < 1.2.2-31 | krb5-workstation-1.2.2-31.ia64.rpm |
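As an added example that is not part of the advisory, the following script flags installed krb5 packages still below the fixed build 1.2.2-31 listed in the table; it embeds a constructed sample of `rpm -qa` output so it runs offline and assumes purely numeric version and release strings.

```shell
#!/bin/sh
# Added example, not taken from the advisory: flag installed krb5 packages that
# are older than the fixed build 1.2.2-31 in the table above. On a real host the
# input comes from:  rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'krb5*'
# A constructed sample of that output is embedded here so the script runs offline.
# Assumption: version and release strings are purely numeric, as on this page.
FIXED_VER="1.2.2"; FIXED_REL="31"

# ver_lt A B: return 0 if dotted-numeric A sorts before B, otherwise 1.
# Missing trailing segments count as 0, so "1.2" < "1.2.2" and "1.2.2" == "1.2.2.0".
ver_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        if [ "$a" = "$x" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$y" ]; then b=""; else b="${b#*.}"; fi
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# check_pkg NAME VERSION RELEASE: return 0 if the package is still affected
# (older than 1.2.2-31), 1 if it is at or above the fixed build.
check_pkg() {
    if ver_lt "$2" "$FIXED_VER"; then return 0; fi
    if ver_lt "$FIXED_VER" "$2"; then return 1; fi
    ver_lt "$3" "$FIXED_REL"
}
# Constructed sample of rpm output: two of the four packages are still old.
SAMPLE='krb5-libs 1.2.2 30
krb5-workstation 1.2.2 31
krb5-server 1.2.2 14
krb5-devel 1.2.2 31'
# count_vulnerable: report each affected package on stderr and print the count.
count_vulnerable() {
    n=0
    while read -r name ver rel; do
        [ -n "$name" ] || continue
        if check_pkg "$name" "$ver" "$rel"; then
            echo "AFFECTED: $name-$ver-$rel, update to $FIXED_VER-$FIXED_REL" >&2
            n=$((n + 1))
        fi
    done <<EOF
$SAMPLE
EOF
    echo "$n"
}
count_vulnerable
```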