Vulnerability Bulletins


Integrity vulnerability in Kerberos

Vulnerability classification

Property | Value
Confidence level | Official
Impact | Integrity
Difficulty | Advanced
Attacker requirements | Remote access with an account

System information

Property | Value
Affected vendor | GNU/Linux
Affected software | Kerberos

Description

A temporary-file vulnerability has been found in the krb5-send-pr application of Kerberos.

An attacker could create a temporary file that could allow an arbitrary file to be overwritten.

Solution

Software update

Red Hat Linux

Red Hat Desktop (v. 3) / SRPMS:
krb5-1.2.7-38.src.rpm

Red Hat Desktop (v. 3) / IA-32:
krb5-devel-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-workstation-1.2.7-38.i386.rpm

Red Hat Desktop (v. 3) / x86_64:
krb5-devel-1.2.7-38.x86_64.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.x86_64.rpm
krb5-workstation-1.2.7-38.x86_64.rpm

Red Hat Enterprise Linux AS (v. 2.1) / SRPMS:
krb5-1.2.2-32.src.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-32:
krb5-devel-1.2.2-32.i386.rpm
krb5-libs-1.2.2-32.i386.rpm
krb5-server-1.2.2-32.i386.rpm
krb5-workstation-1.2.2-32.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-64:
krb5-devel-1.2.2-32.ia64.rpm
krb5-libs-1.2.2-32.ia64.rpm
krb5-server-1.2.2-32.ia64.rpm
krb5-workstation-1.2.2-32.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) / SRPMS:
krb5-1.2.7-38.src.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-32:
krb5-devel-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-server-1.2.7-38.i386.rpm
krb5-workstation-1.2.7-38.i386.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-64:
krb5-devel-1.2.7-38.ia64.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.ia64.rpm
krb5-server-1.2.7-38.ia64.rpm
krb5-workstation-1.2.7-38.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) / PPC:
krb5-devel-1.2.7-38.ppc.rpm
krb5-libs-1.2.7-38.ppc.rpm
krb5-libs-1.2.7-38.ppc64.rpm
krb5-server-1.2.7-38.ppc.rpm
krb5-workstation-1.2.7-38.ppc.rpm

Red Hat Enterprise Linux AS (v. 3) / s390:
krb5-devel-1.2.7-38.s390.rpm
krb5-libs-1.2.7-38.s390.rpm
krb5-server-1.2.7-38.s390.rpm
krb5-workstation-1.2.7-38.s390.rpm

Red Hat Enterprise Linux AS (v. 3) / s390x:
krb5-devel-1.2.7-38.s390x.rpm
krb5-libs-1.2.7-38.s390.rpm
krb5-libs-1.2.7-38.s390x.rpm
krb5-server-1.2.7-38.s390x.rpm
krb5-workstation-1.2.7-38.s390x.rpm

Red Hat Enterprise Linux AS (v. 3) / x86_64:
krb5-devel-1.2.7-38.x86_64.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.x86_64.rpm
krb5-server-1.2.7-38.x86_64.rpm
krb5-workstation-1.2.7-38.x86_64.rpm

Red Hat Enterprise Linux ES (v. 2.1) / SRPMS:
krb5-1.2.2-32.src.rpm

Red Hat Enterprise Linux ES (v. 2.1) / IA-32:
krb5-devel-1.2.2-32.i386.rpm
krb5-libs-1.2.2-32.i386.rpm
krb5-server-1.2.2-32.i386.rpm
krb5-workstation-1.2.2-32.i386.rpm

Red Hat Enterprise Linux ES (v. 3) / SRPMS:
krb5-1.2.7-38.src.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-32:
krb5-devel-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-server-1.2.7-38.i386.rpm
krb5-workstation-1.2.7-38.i386.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-64:
krb5-devel-1.2.7-38.ia64.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.ia64.rpm
krb5-server-1.2.7-38.ia64.rpm
krb5-workstation-1.2.7-38.ia64.rpm

Red Hat Enterprise Linux ES (v. 3) / x86_64:
krb5-devel-1.2.7-38.x86_64.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.x86_64.rpm
krb5-server-1.2.7-38.x86_64.rpm
krb5-workstation-1.2.7-38.x86_64.rpm

Red Hat Enterprise Linux WS (v. 2.1) / SRPMS:
krb5-1.2.2-32.src.rpm

Red Hat Enterprise Linux WS (v. 2.1) / IA-32:
krb5-devel-1.2.2-32.i386.rpm
krb5-libs-1.2.2-32.i386.rpm
krb5-server-1.2.2-32.i386.rpm
krb5-workstation-1.2.2-32.i386.rpm

Red Hat Enterprise Linux WS (v. 3) / SRPMS:
krb5-1.2.7-38.src.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-32:
krb5-devel-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-workstation-1.2.7-38.i386.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-64:
krb5-devel-1.2.7-38.ia64.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.ia64.rpm
krb5-workstation-1.2.7-38.ia64.rpm

Red Hat Enterprise Linux WS (v. 3) / x86_64:
krb5-devel-1.2.7-38.x86_64.rpm
krb5-libs-1.2.7-38.i386.rpm
krb5-libs-1.2.7-38.x86_64.rpm
krb5-workstation-1.2.7-38.x86_64.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium Processor / SRPMS:
krb5-1.2.2-32.src.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-64:
krb5-devel-1.2.2-32.ia64.rpm
krb5-libs-1.2.2-32.ia64.rpm
krb5-server-1.2.2-32.ia64.rpm
krb5-workstation-1.2.2-32.ia64.rpm

Fedora Linux
Fedora Linux Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora Linux Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

Standard identifiers

Property | Value
CVE | CAN-2004-0971
BID | 11289

Additional resources

Fedora Linux security advisory FEDORA-2004-563
http://www.redhat.com/archives/fedora-announce-list/2004-December/msg00089.html

Fedora Linux security advisory FEDORA-2004-564
http://www.redhat.com/archives/fedora-announce-list/2004-December/msg00090.html

Red Hat Linux Security Advisory RHSA-2005:012-10
https://rhn.redhat.com/errata/RHSA-2005-012.html

Version history

Version | Comment | Date
1.0 | Advisory issued | 2005-01-21

Members of

Ministerio de Defensa
CNI
CCN
CCN-CERT