MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities
BID:23282
Info
| Bugtraq ID: | 23282 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-1216 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2007 12:00AM |
| Updated: | Jun 04 2007 09:40PM |
| Credit: | SAP AG is credited with the discovery of this vulnerability. |
| Vulnerable: | Ubuntu Ubuntu Linux 5.10 sparc; Ubuntu Ubuntu Linux 5.10 powerpc; Ubuntu Ubuntu Linux 5.10 i386; Ubuntu Ubuntu Linux 5.10 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; Turbolinux Turbolinux Server 10.0; Turbolinux Turbolinux Server 10.0.0 x64; Turbolinux Turbolinux Desktop 10.0; Turbolinux Turbolinux 10 F...; TurboLinux Personal; TurboLinux Multimedia; Turbolinux Home; Turbolinux Appliance Server 2.0; Trustix Secure Linux 3.0.5; Trustix Secure Linux 3.0; Trustix Secure Linux 2.2; Trustix Operating System Enterprise Server 2.0; TransSoft Broker FTP Server 8.0; SuSE SUSE Linux Enterprise Server 10; SuSE Suse Linux Enterprise Desktop 10; SuSE Linux 9.3 x86-64; SuSE Linux 9.3 x86; SuSE Linux 10.1 x86-64; SuSE Linux 10.1 x86; SuSE Linux 10.1 ppc; SuSE Linux 10.0 x86-64; SuSE Linux 10.0 x86; SuSE Linux 10.0 ppc; SGI ProPack 3.0 SP6; S.u.S.E. openSUSE 10.2; rPath rPath Linux 1; Redhat Linux Advanced Work Station 2.1; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux WS 3; Redhat Enterprise Linux WS 2.1 IA64; Redhat Enterprise Linux WS 2.1; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux ES 3; Redhat Enterprise Linux ES 2.1 IA64; Redhat Enterprise Linux ES 2.1; Redhat Enterprise Linux Desktop Workstation 5 client; Redhat Enterprise Linux Desktop 5 client; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux AS 3; Redhat Enterprise Linux AS 2.1 IA64; Redhat Enterprise Linux AS 2.1; Redhat Enterprise Linux Desktop version 4; Redhat Enterprise Linux 5 Server; Redhat Desktop 4.0; Redhat Desktop 3.0; Pardus Linux 2007.1; MIT Kerberos 5 1.6; MIT Kerberos 5 1.5.1; MIT Kerberos 5 1.5; MIT Kerberos 5 1.4.3; MIT Kerberos 5 1.4.2; MIT Kerberos 5 1.4.1; MIT Kerberos 5 1.4; Mandriva Linux Mandrake 2006.0 x86_64; Mandriva Linux Mandrake 2006.0; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Multi Network Firewall 2.0; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; MandrakeSoft Corporate Server 4.0; HP HP-UX B.11.31; HP HP-UX B.11.23; HP HP-UX B.11.11; Gentoo Linux; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0; Apple Mac OS X Server 10.4.9; Apple Mac OS X Server 10.3.9; Apple Mac OS X 10.4.9; Apple Mac OS X 10.3.9 |
| Not Vulnerable: | MIT Kerberos 5 1.6.1 |
Discussion
MIT Kerberos 5 is prone to a double-free memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code with superuser or SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
This issue also affects third-party applications using the affected API.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor has released an advisory and a patch to address this issue. Please see the references for more information.
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Appliance Server 2.0
HP HP-UX B.11.23
HP HP-UX B.11.11
MIT Kerberos 5 1.4.1
MIT Kerberos 5 1.5
MIT Kerberos 5 1.5.1
MIT Kerberos 5 1.6
Turbolinux Turbolinux Server 10.0
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.4.9
Apple Mac OS X 10.4.9
Trustix Secure Linux 2.2
SGI ProPack 3.0 SP6
Trustix Secure Linux 3.0.5
Turbolinux Turbolinux Server 10.0.0 x64
- Turbolinux krb5-devel-1.3.4-22.x86_64.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-devel-1.3.4-22.x86_64.rpm
- Turbolinux krb5-libs-1.3.4-22.x86_64.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-libs-1.3.4-22.x86_64.rpm
- Turbolinux krb5-server-1.3.4-22.x86_64.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-server-1.3.4-22.x86_64.rpm
- Turbolinux krb5-workstation-1.3.4-22.x86_64.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm
Turbolinux Appliance Server 2.0
- Turbolinux krb5-devel-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
- Turbolinux krb5-devel-1.3.4-22.x86_64.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-devel-1.3.4-22.x86_64.rpm
- Turbolinux krb5-libs-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
- Turbolinux krb5-server-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
- Turbolinux krb5-workstation-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
HP HP-UX B.11.23
- HP PHSS_34991
  http://www.hp.com/go/softwaredepot/
HP HP-UX B.11.11
- HP PHSS_36286
  http://www.hp.com/go/softwaredepot/
MIT Kerberos 5 1.4.1
- MIT 2007-003-patch.txt
  http://web.mit.edu/kerberos/advisories/2007-003-patch.txt
- SuSE krb5-1.4-16.9.x86_64.rpm
  SUSE LINUX 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/krb5-1.4-16.9.x86_64.rpm
- SuSE krb5-1.4.1-5.5.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-1.4.1-5.5.i586.rpm
- SuSE krb5-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-1.4.1-5.5.x86_64.rpm
- SuSE krb5-1.4.3-19.10.3.i586.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-1.4.3-19.10.3.i586.rpm
- SuSE krb5-32bit-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-32bit-1.4.1-5.5.x86_64.rpm
- SuSE krb5-apps-servers-1.4.1-5.5.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-apps-servers-1.4.1-5.5.i586.rpm
- SuSE krb5-apps-servers-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-apps-servers-1.4.1-5.5.x86_64.rpm
- SuSE krb5-apps-servers-1.4.3-19.10.3.i586.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-apps-servers-1.4.3-19.10.3.i586.rpm
- SuSE krb5-devel-1.4.1-5.5.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-devel-1.4.1-5.5.i586.rpm
- SuSE krb5-devel-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-devel-1.4.1-5.5.x86_64.rpm
- SuSE krb5-devel-1.4.3-19.10.3.i586.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-devel-1.4.3-19.10.3.i586.rpm
- SuSE krb5-devel-32bit-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-devel-32bit-1.4.1-5.5.x86_64.rpm
- SuSE krb5-server-1.4.1-5.5.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-server-1.4.1-5.5.i586.rpm
- SuSE krb5-server-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-server-1.4.1-5.5.x86_64.rpm
- SuSE krb5-server-1.4.3-19.10.3.i586.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-server-1.4.3-19.10.3.i586.rpm
MIT Kerberos 5 1.5
- MIT 2007-003-patch.txt
  http://web.mit.edu/kerberos/advisories/2007-003-patch.txt
MIT Kerberos 5 1.5.1
- MIT 2007-003-patch.txt
  http://web.mit.edu/kerberos/advisories/2007-003-patch.txt
- SuSE krb5-1.4.3-19.10.3.x86_64.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-1.4.3-19.10.3.x86_64.rpm
- SuSE krb5-1.5.1-23.4.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-1.5.1-23.4.i586.rpm
- SuSE krb5-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-1.5.1-23.4.x86_64.rpm
- SuSE krb5-32bit-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-32bit-1.5.1-23.4.x86_64.rpm
- SuSE krb5-apps-servers-1.5.1-23.4.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-apps-servers-1.5.1-23.4.i586.rpm
- SuSE krb5-apps-servers-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-apps-servers-1.5.1-23.4.x86_64.rpm
- SuSE krb5-devel-1.5.1-23.4.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-devel-1.5.1-23.4.i586.rpm
- SuSE krb5-devel-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-1.5.1-23.4.x86_64.rpm
- SuSE krb5-devel-32bit-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-32bit-1.5.1-23.4.x86_64.rpm
- SuSE krb5-server-1.5.1-23.4.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-server-1.5.1-23.4.i586.rpm
- SuSE krb5-server-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-server-1.5.1-23.4.x86_64.rpm
MIT Kerberos 5 1.6
- MIT 2007-003-patch.txt
  http://web.mit.edu/kerberos/advisories/2007-003-patch.txt
Turbolinux Turbolinux Server 10.0
- Turbolinux krb5-debug-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm
- Turbolinux krb5-devel-1.2.5-21.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-devel-1.2.5-21.i586.rpm
- Turbolinux krb5-devel-1.2.5-21.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/krb5-devel-1.2.5-21.i586.rpm
- Turbolinux krb5-devel-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm
- Turbolinux krb5-libs-1.2.5-21.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-libs-1.2.5-21.i586.rpm
- Turbolinux krb5-libs-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm
- Turbolinux krb5-server-1.2.5-21.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-server-1.2.5-21.i586.rpm
- Turbolinux krb5-server-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm
- Turbolinux krb5-workstation-1.2.5-21.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/krb5-workstation-1.2.5-21.i586.rpm
- Turbolinux krb5-workstation-1.3.4-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm
Apple Mac OS X Server 10.3.9
- Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat=1&platform=osx&method=sa/SecUpd2007-004Univ.dmg
Apple Mac OS X Server 10.4.9
- Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat=1&platform=osx&method=sa/SecUpd2007-004Univ.dmg
Apple Mac OS X 10.4.9
- Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat=1&platform=osx&method=sa/SecUpd2007-004Univ.dmg
Trustix Secure Linux 2.2
- Trustix file-4.12-1tr.i586.rpm
  Trustix Secure Linux 2.2
  ftp://ftp.trustix.org/pub/trustix/updates/
- Trustix file-4.12-2tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix imagemagick-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix imagemagick-devel-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix kerberos5-1.3.6-7tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix kerberos5-devel-1.3.6-7tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix kerberos5-libs-1.3.6-7tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix perl-image-magick-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
SGI ProPack 3.0 SP6
- SGI Patch 10389
  http://support.sgi.com/
Trustix Secure Linux 3.0.5
- Trustix file-4.13-4tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix file-4.17-3tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix imagemagick-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix imagemagick-devel-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix kerberos5-1.4.3-4tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix kerberos5-devel-1.4.3-4tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix kerberos5-libs-1.4.3-4tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix perl-image-magick-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates
References
References: