BID:21214

Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability

Info

Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability

Bugtraq ID:	21214
Class:	Boundary Condition Error
CVE:	CVE-2006-5989
Remote:	Yes
Local:	No
Published:	Nov 21 2006 12:00AM
Updated:	Jan 25 2007 10:29PM
Credit:	Reported by Josh Bressers.
Vulnerable:	Redhat Fedora Core6 Redhat Fedora Core5 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux Desktop version 4 mod_auth_kerb mod_auth_kerb 5.2 mod_auth_kerb mod_auth_kerb 5.1 mod_auth_kerb mod_auth_kerb 5.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Avaya Messaging Storage Server MM3.0

Not Vulnerable:

Discussion

Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability

Apache mod_auth_kerb is prone to an off-by-one buffer-overflow condition.

The vulnerability allows for potential memory corruption.

An attacker may exploit this issue to trigger a denial-of-service condition. Arbitrary code execution may be possible, but this has not been confirmed.

Exploit / POC

Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Solution / Fix

Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability

Solution:
Please see the references for more information.

Debian Linux 3.1 ppc

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_powerpc.deb
Debian 3.1 powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_powerpc.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_powerpc.deb
Debian 3.1 powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_powerpc.deb

Debian Linux 3.1 ia-64

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_ia64.deb
Debian 3.1 ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_ia64.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_ia64.deb
Debian 3.1 ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_ia64.deb

Debian Linux 3.1 arm

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_arm.deb
Debian 3.1 arm architecture (ARM)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_arm.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_arm.deb
Debian 3.1 arm architecture (ARM)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_arm.deb

Debian Linux 3.1 mips

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mips.deb
Debian 3.1 mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mips.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mips.deb
Debian 3.1 mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mips.deb

Debian Linux 3.1 ia-32

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_i386.deb
Debian 3.1 (i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_i386.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_i386.deb
Debian 3.1 (stable)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_i386.deb

Debian Linux 3.1 m68k

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_m68k.deb
Debian 3.1 m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_m68k.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_m68k.deb
Debian 3.1 m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_m68k.deb

Debian Linux 3.1 mipsel

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mipsel.deb
Debian 3.1 mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mipsel.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mipsel.deb
Debian 3.1 mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mipsel.deb

Debian Linux 3.1 s/390

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_s390.deb
Debian 3.1 s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_s390.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_s390.deb
Debian 3.1 s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_s390.deb

Debian Linux 3.1 amd64

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_amd64.deb
Debian 3.1 amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_amd64.deb

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_ia64.deb
Debian 3.1 amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_ia64.deb

Debian Linux 3.1 hppa

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_hppa.deb
Debian 3.1 hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_hppa.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_hppa.deb
Debian 3.1 hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_hppa.deb

Debian Linux 3.1 sparc

Debian libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_sparc.deb
Debian 3.1 sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_sparc.deb

Debian libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_sparc.deb
Debian 3.1 sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-k erb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_sparc.deb

References

Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability

References:

ASA-2006-270 - mod_auth_kerb security update (Avaya)
Bugzilla Bug 206736: CVE-2006-5989 mod_auth_kerb segfaults when talking to newes (RedHat)
http://rhn.redhat.com/errata/RHSA-2006-0746.html (RedHat)
Mod_auth_kerb Home Page (Mod_auth_kerb)