SecurityTracker.com
SecurityTracker Archives

Category: Application (Security) > Kerberos
Vendors: MIT
(CentOS Issues Fix) Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources
SecurityTracker Alert ID: 1035398
SecurityTracker URL: http://securitytracker.com/id/1035398
CVE Reference: CVE-2015-8631
Date: Mar 24 2016
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes

Description:   A vulnerability was reported in Kerberos. A remote authenticated user can consume excessive memory on the target system.

A remote authenticated user can send specially crafted data that causes krb5_unparse_name() to fail; on that error path the kadmind server stub does not release the client and server name it holds, so both leak. Repeating the request can consume all available memory on the target system.

Simo Sorce reported this vulnerability.
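
As an added illustration, not MIT krb5's code nor the CentOS patch, the following constructed C model shows the failure mode described above: a request stub that returns on a name-unparse error without releasing the names it already holds, beside one that frees on every path. The mock unparse routine, its '!' failure trigger and the allocation counter are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed model, not MIT krb5 code: the request stub and
 * krb5_unparse_name() are simplified stand-ins for comparing error paths. */
static int live_allocs;   /* outstanding heap strings, for checking */

static char *dup_name(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, s, n); live_allocs++; }
    return p;
}
static void free_name(char *p) { if (p) { live_allocs--; free(p); } }

/* Mock krb5_unparse_name(): nonzero (failure) for names starting with '!',
 * standing in for the crafted input that makes the real call fail. */
static int unparse_name_mock(const char *princ, char **out) {
    *out = NULL;
    if (!princ || princ[0] == '!') return 1;
    *out = dup_name(princ);
    return *out ? 0 : 1;
}

/* Leaky stub: on unparse failure it returns without releasing the client
 * and server principals it already holds, so each bad request leaks. */
int handle_request_leaky(const char *client, const char *server) {
    char *cprinc = dup_name(client), *sprinc = dup_name(server), *cname, *sname;
    if (unparse_name_mock(cprinc, &cname) != 0) return -1;
    if (unparse_name_mock(sprinc, &sname) != 0) return -1;  /* cname too */
    free_name(cname); free_name(sname);
    free_name(cprinc); free_name(sprinc);
    return 0;
}

/* Fixed stub: a single cleanup path releases everything on success and on
 * every failure, so repeated failing requests cannot grow the process. */
int handle_request_fixed(const char *client, const char *server) {
    char *cprinc = dup_name(client), *sprinc = dup_name(server);
    char *cname = NULL, *sname = NULL;
    int ret = -1;
    if (unparse_name_mock(cprinc, &cname) != 0) goto cleanup;
    if (unparse_name_mock(sprinc, &sname) != 0) goto cleanup;
    ret = 0;
cleanup:
    free_name(cname);  free_name(sname);   /* all NULL-safe */
    free_name(cprinc); free_name(sprinc);
    return ret;
}
/* Heap strings still outstanding; a correct stub leaves this at zero. */
int outstanding_allocations(void) { return live_allocs; }
```

Running the leaky stub repeatedly with a failing server name drives outstanding_allocations() upward without bound, which is the resource exhaustion the advisory describes; the fixed stub leaves it at zero on every path.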

Impact:   A remote authenticated user can cause kadmind to consume all available memory resources on the target system.
Solution:   CentOS has issued a fix.

Cause:   Resource error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Feb 2 2016 Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0493 Moderate CentOS 6 krb5 Security Update


CentOS Errata and Security Advisory 2016:0493 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0493.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Copyright 2019, SecurityGlobal.net LLC