-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:129 http://www.mandriva.com/security/ _______________________________________________________________________ Package : heimdal Date : July 7, 2010 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in heimdal: The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion (CVE-2006-3083). The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues (CVE-2006-3084). Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library (CVE-2010-1321). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://www.h5l.org/advisories.html?show=2006-08-08 http://www.h5l.org/advisories.html?show=2010-05-27 _______________________________________________________________________ Updated Packages: Corporate 4.0: 508353086c607e0cb578ac646ca15c0c corporate/4.0/i586/heimdal-devel-0.7.2-8.2.20060mlcs4.i586.rpm 4c5b0d48fa172bb8e39aaccf5ae8de0c corporate/4.0/i586/heimdal-libs-0.7.2-8.2.20060mlcs4.i586.rpm 638c167a2e00722c131141154c78c3ae corporate/4.0/i586/heimdal-server-0.7.2-8.2.20060mlcs4.i586.rpm d3d008362cb8e289a3fd0314036a8d17 corporate/4.0/i586/heimdal-workstation-0.7.2-8.2.20060mlcs4.i586.rpm 0e185a5ad5f4c522c39c02991f220313 corporate/4.0/SRPMS/heimdal-0.7.2-8.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0e9e08ac49551bd485d7ec6e7881f90d corporate/4.0/x86_64/heimdal-devel-0.7.2-8.2.20060mlcs4.x86_64.rpm 0f4913fc15f0df07888b3e66ab7d68be corporate/4.0/x86_64/heimdal-libs-0.7.2-8.2.20060mlcs4.x86_64.rpm d3b6d5225757d3eea52e0aabca3d3a7a corporate/4.0/x86_64/heimdal-server-0.7.2-8.2.20060mlcs4.x86_64.rpm 889807bdaa224a44c9d63eb03f66738b corporate/4.0/x86_64/heimdal-workstation-0.7.2-8.2.20060mlcs4.x86_64.rpm 0e185a5ad5f4c522c39c02991f220313 corporate/4.0/SRPMS/heimdal-0.7.2-8.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMNHwFmqjQ0CJFipgRAtJjAKDg/DA6sC5UueU35PJBmT0rOEcGnACfdiuN pKGkeUt4oli2KC1mWDiHluU= =TJX5 -----END PGP SIGNATURE-----