CVE Description: "Integer overflow in the xdrmem_getbytes() function,
and possibly other functions, of XDR (external data representation)
libraries derived from SunRPC, including libnsl, libc, glibc, and
dietlibc, allows remote attackers to execute arbitrary code via
certain integer values in length fields, a different vulnerability

Red Hat Security Advisory RHSA-2003:091-22
Updated kerberos packages fix various vulnerabilities

"Updated Kerberos packages for Red Hat Linux 9 fix a number of
vulnerabilities found in MIT Kerberos.

Kerberos is a network authentication system. The MIT Kerberos team
released an advisory describing a number of vulnerabilities that affect
kerberos packages shipped as part of Red Hat Linux 9. These issues

Vulnerabilities have been found in the triple-DES key support found in
implementation of the Kerberos IV authentication protocol included in
Kerberos. The Common Vulnerabilities and Exposures project has assigned
the name CAN-2003-0139 to this issue.

Vulnerabilities have been found in the Kerberos IV authentication
which allow an attacker with knowledge of a cross-realm key, which is
shared with another realm, to impersonate any principal in that realm to
any service in that realm. This vulnerability can only be closed by
disabling cross-realm authentication in Kerberos IV (CAN-2003-0138).

Vulnerabilities have been found in the RPC library used by the kadmin
service in Kerberos 5. A faulty length check in the RPC library exposes
kadmind to an integer overflow which can be used to crash kadmind

The Key Distribution Center (KDC) allows remote, authenticated attackers
to cause a denial of service (crash) on KDCs within the same realm via a
certain protocol request that causes the KDC to corrupt its heap

All users of Kerberos are advised to upgrade to these errata packages,
which disable cross-realm authentication by default for Kerberos IV and
which contain patches that correct these issues."

I propose the following SQL query for this vulnerability on Red Hat 9:

Status: Initial Submission
Date Modified: 2003-08-14
Platform: Red Hat 9

-- Vulnerable software exists:
o Red Hat 9 on ix86
o krb5-server rpm version prior to 1.2.7-14 is installed

SELECT 'CAN-2003-0028' FROM Placeholder WHERE EXISTS
-- ### BEGIN VULNERABLE SOFTWARE EXISTS
-- Red Hat 9
-- This query is for Red Hat 9...
(SELECT 'Red Hat 9 is installed' FROM RedHat_RPMinfo WHERE
RPMName = 'redhat-release' AND
RPMVersion = '9')
AND EXISTS
-- ...on i386 machines.
(SELECT 'ix86 architecture' FROM RedHat_Uname WHERE
MachineClass LIKE 'i_86')
AND EXISTS
-- krb5-server rpm version prior to 1.2.7-14 is installed
(SELECT 'krb5-server version < 1.2.7-14'
FROM RedHat_RPMVersionCompare WHERE
RPMName = 'krb5-server' AND
RPMTestedEpoch IS NULL AND
RPMTestedVersion = '1.2.7' AND
RPMTestedRelease = '14' AND
RPMInstalledVersion = 'earlier')
-- ### END VULNERABLE SOFTWARE EXISTS
-- ### BEGIN VULNERABLE CONFIGURATION
-- HELP: What configuration workaround would help here? I can build a kerberos
-- environment, but would be greatly assisted by anyone who has one
-- of their own.
-- ### END VULNERABLE CONFIGURATION
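
The software-exists test above, run against constructed host data in an in-memory SQLite database, as an added example that is not part of the original post or of OVAL's own tooling. The table layouts are assumptions holding only the columns the query references, rpm_seg_cmp is a simplified stand-in for RPM's version comparison, and the installed krb5-server versions passed in are constructed.

```python
import re
import sqlite3

def rpm_seg_cmp(a, b):
    """Simplified rpmvercmp: compare digit/letter segments left to right."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats a letter one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments win

def installed_vs_tested(inst_ver, inst_rel, test_ver, test_rel):
    """Value for RPMInstalledVersion: installed package relative to the tested one."""
    c = rpm_seg_cmp(inst_ver, test_ver) or rpm_seg_cmp(inst_rel, test_rel)
    return {-1: "earlier", 0: "equal", 1: "later"}[c]

QUERY = """
SELECT 'CAN-2003-0028' FROM Placeholder WHERE EXISTS
  (SELECT 1 FROM RedHat_RPMinfo
    WHERE RPMName = 'redhat-release' AND RPMVersion = '9')
AND EXISTS
  (SELECT 1 FROM RedHat_Uname WHERE MachineClass LIKE 'i_86')
AND EXISTS
  (SELECT 1 FROM RedHat_RPMVersionCompare
    WHERE RPMName = 'krb5-server' AND RPMTestedEpoch IS NULL
      AND RPMTestedVersion = '1.2.7' AND RPMTestedRelease = '14'
      AND RPMInstalledVersion = 'earlier')
"""

def check_host(machine, krb5_ver, krb5_rel):
    """Load one constructed Red Hat 9 host into assumed tables and run the query."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
      CREATE TABLE Placeholder (x);  INSERT INTO Placeholder VALUES (1);
      CREATE TABLE RedHat_RPMinfo (RPMName, RPMVersion);
      CREATE TABLE RedHat_Uname (MachineClass);
      CREATE TABLE RedHat_RPMVersionCompare (RPMName, RPMTestedEpoch,
        RPMTestedVersion, RPMTestedRelease, RPMInstalledVersion);
      INSERT INTO RedHat_RPMinfo VALUES ('redhat-release', '9');
    """)
    db.execute("INSERT INTO RedHat_Uname VALUES (?)", (machine,))
    verdict = installed_vs_tested(krb5_ver, krb5_rel, "1.2.7", "14")
    db.execute("INSERT INTO RedHat_RPMVersionCompare VALUES "
               "('krb5-server', NULL, '1.2.7', '14', ?)", (verdict,))
    return [row[0] for row in db.execute(QUERY)]
```

An i686 host with krb5-server 1.2.7-10 is reported; the same host at 1.2.7-14, or an x86_64 host at any version, returns no row because every EXISTS clause must hold.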