             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
             __________________________________________________________

                             INFORMATION BULLETIN

                            krb5 Security Update
                        [Red Hat RHSA-2006:0612-8]

August 9, 2006 19:00 GMT                                          Number Q-283
______________________________________________________________________________
PROBLEM:       A flaw was found where some bundled Kerberos-aware applications
               would fail to check the result of the setuid() call. On Linux
               2.6 kernels, the setuid() call can fail if certain user limits
               are hit.
PLATFORM:      Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 4)
DAMAGE:        A local attacker could manipulate their environment in such a
               way to get the applications to continue to run as root,
               potentially leading to an escalation of privileges.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. A local attacker could manipulate their
ASSESSMENT:    environment in such a way to get the applications to continue
               to run as root, potentially leading to an escalation of
               privileges.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-283.shtml
 ORIGINAL BULLETIN:  Red Hat RHSA-2006:0612-8
                     https://rhn.redhat.com/errata/RHSA-2006-0612.html
 ADDITIONAL LINK:    Debian Security Advisory DSA-1146-1
                     http://www.debian.org/security/2006/dsa-1146
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
______________________________________________________________________________

[***** Start Red Hat RHSA-2006:0612-8 *****]

Important: krb5 security update

Advisory:         RHSA-2006:0612-8
Type:             Security Advisory
Issued on:        2006-08-08
Last updated on:  2006-08-08

Affected Products:
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 4)

CVEs (cve.mitre.org):
  CVE-2006-3083

Details

Updated krb5 packages are now available for Red Hat Enterprise Linux 4 to
correct a privilege escalation security flaw.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Kerberos is a network authentication system which allows clients and servers
to authenticate to each other through use of symmetric encryption and a
trusted third party, the KDC.

A flaw was found where some bundled Kerberos-aware applications would fail to
check the result of the setuid() call. On Linux 2.6 kernels, the setuid()
call can fail if certain user limits are hit. A local attacker could
manipulate their environment in such a way to get the applications to
continue to run as root, potentially leading to an escalation of privileges.
(CVE-2006-3083)

Users are advised to update to these erratum packages which contain a
backported fix to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

  up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
  krb5-1.3.4-33.src.rpm                 cea37ecb1360d88c2fdc83f5419babc1
IA-32:
  krb5-devel-1.3.4-33.i386.rpm          77b0759d3fcc4545c27f34d4e300cc16
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-server-1.3.4-33.i386.rpm         f3daae1ee3b0631b863635c375afe72a
  krb5-workstation-1.3.4-33.i386.rpm    f6a4726c5d77d16ea2f0713c92f10bae
x86_64:
  krb5-devel-1.3.4-33.x86_64.rpm        feada102b3dd0995e10f63e7c53ccf65
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-libs-1.3.4-33.x86_64.rpm         368e23d9adef4244a67b2e1951d2b74b
  krb5-server-1.3.4-33.x86_64.rpm       e0d823bbf3a2cd51b3e918ab8d669355
  krb5-workstation-1.3.4-33.x86_64.rpm  e1b4250df40a8d392f011b2c89f79966

Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
  krb5-1.3.4-33.src.rpm                 cea37ecb1360d88c2fdc83f5419babc1
IA-32:
  krb5-devel-1.3.4-33.i386.rpm          77b0759d3fcc4545c27f34d4e300cc16
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-server-1.3.4-33.i386.rpm         f3daae1ee3b0631b863635c375afe72a
  krb5-workstation-1.3.4-33.i386.rpm    f6a4726c5d77d16ea2f0713c92f10bae
IA-64:
  krb5-devel-1.3.4-33.ia64.rpm          5dc4a77a4b3c4492afa7f74e83d9f5d0
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-libs-1.3.4-33.ia64.rpm           b15d34edd402823f6b5d1d1d0f013d8d
  krb5-server-1.3.4-33.ia64.rpm         ce76f409b19d6824f5d1fdda67c323ef
  krb5-workstation-1.3.4-33.ia64.rpm    4ad475560c2723d011b6cf0faf8eca86
PPC:
  krb5-devel-1.3.4-33.ppc.rpm           2f5cceda4ec3dcb5a0fca0829055f512
  krb5-libs-1.3.4-33.ppc.rpm            de6fdc9b22ed426ba7542018e9174adb
  krb5-libs-1.3.4-33.ppc64.rpm          8759e9dd51c3614a5259db73e57a26a3
  krb5-server-1.3.4-33.ppc.rpm          55ebf269ef488d8a281ee28fcb450383
  krb5-workstation-1.3.4-33.ppc.rpm     4015802b89b7d6b92023a3da7787e30d
s390:
  krb5-devel-1.3.4-33.s390.rpm          55995e2d6b79c58dbb85ec2af716fe78
  krb5-libs-1.3.4-33.s390.rpm           811ab87d0c59091d4a0de6e748086d5e
  krb5-server-1.3.4-33.s390.rpm         3ec54f81728a0a9ae22afcb2855ed732
  krb5-workstation-1.3.4-33.s390.rpm    fe5ee4916e5aa24d499a1f8992d1036d
s390x:
  krb5-devel-1.3.4-33.s390x.rpm         4883f400df4d8123c70604a430f92647
  krb5-libs-1.3.4-33.s390.rpm           811ab87d0c59091d4a0de6e748086d5e
  krb5-libs-1.3.4-33.s390x.rpm          1e13d025a766bc5ab50ebe3062586ef9
  krb5-server-1.3.4-33.s390x.rpm        7f3303ba3883bf0c5135cd39ed02122c
  krb5-workstation-1.3.4-33.s390x.rpm   1441e757a4e8e58ca29e7270a86d28ef
x86_64:
  krb5-devel-1.3.4-33.x86_64.rpm        feada102b3dd0995e10f63e7c53ccf65
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-libs-1.3.4-33.x86_64.rpm         368e23d9adef4244a67b2e1951d2b74b
  krb5-server-1.3.4-33.x86_64.rpm       e0d823bbf3a2cd51b3e918ab8d669355
  krb5-workstation-1.3.4-33.x86_64.rpm  e1b4250df40a8d392f011b2c89f79966

Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
  krb5-1.3.4-33.src.rpm                 cea37ecb1360d88c2fdc83f5419babc1
IA-32:
  krb5-devel-1.3.4-33.i386.rpm          77b0759d3fcc4545c27f34d4e300cc16
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-server-1.3.4-33.i386.rpm         f3daae1ee3b0631b863635c375afe72a
  krb5-workstation-1.3.4-33.i386.rpm    f6a4726c5d77d16ea2f0713c92f10bae
IA-64:
  krb5-devel-1.3.4-33.ia64.rpm          5dc4a77a4b3c4492afa7f74e83d9f5d0
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-libs-1.3.4-33.ia64.rpm           b15d34edd402823f6b5d1d1d0f013d8d
  krb5-server-1.3.4-33.ia64.rpm         ce76f409b19d6824f5d1fdda67c323ef
  krb5-workstation-1.3.4-33.ia64.rpm    4ad475560c2723d011b6cf0faf8eca86
x86_64:
  krb5-devel-1.3.4-33.x86_64.rpm        feada102b3dd0995e10f63e7c53ccf65
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-libs-1.3.4-33.x86_64.rpm         368e23d9adef4244a67b2e1951d2b74b
  krb5-server-1.3.4-33.x86_64.rpm       e0d823bbf3a2cd51b3e918ab8d669355
  krb5-workstation-1.3.4-33.x86_64.rpm  e1b4250df40a8d392f011b2c89f79966

Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
  krb5-1.3.4-33.src.rpm                 cea37ecb1360d88c2fdc83f5419babc1
IA-32:
  krb5-devel-1.3.4-33.i386.rpm          77b0759d3fcc4545c27f34d4e300cc16
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-server-1.3.4-33.i386.rpm         f3daae1ee3b0631b863635c375afe72a
  krb5-workstation-1.3.4-33.i386.rpm    f6a4726c5d77d16ea2f0713c92f10bae
IA-64:
  krb5-devel-1.3.4-33.ia64.rpm          5dc4a77a4b3c4492afa7f74e83d9f5d0
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-libs-1.3.4-33.ia64.rpm           b15d34edd402823f6b5d1d1d0f013d8d
  krb5-server-1.3.4-33.ia64.rpm         ce76f409b19d6824f5d1fdda67c323ef
  krb5-workstation-1.3.4-33.ia64.rpm    4ad475560c2723d011b6cf0faf8eca86
x86_64:
  krb5-devel-1.3.4-33.x86_64.rpm        feada102b3dd0995e10f63e7c53ccf65
  krb5-libs-1.3.4-33.i386.rpm           7650a2f59eb97b17b141804e28f09d44
  krb5-libs-1.3.4-33.x86_64.rpm         368e23d9adef4244a67b2e1951d2b74b
  krb5-server-1.3.4-33.x86_64.rpm       e0d823bbf3a2cd51b3e918ab8d669355
  krb5-workstation-1.3.4-33.x86_64.rpm  e1b4250df40a8d392f011b2c89f79966

(The unlinked packages above are only available from the Red Hat Network)

References

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
  http://www.redhat.com/security/updates/classification/#important

Keywords

  setuid

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2006:0612-8 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
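The defect the bulletin describes is an unchecked setuid() return value: a program that has finished its privileged work calls setuid() to become an ordinary user, ignores a failure, and carries on as root. The routine below is an added example, not code from the CIAC bulletin or from the Red Hat krb5 packages, showing the privilege-drop pattern that the backported fix amounts to: each identity-changing call is checked, the kernel is then asked which identity the process actually holds, and a function-pointer hook lets the failure path be exercised without root or a real exhausted process limit. The names drop_privileges, drop_privileges_with, failing_setuid, demo_failing_drop and the DROP_* codes are this example's own. The EAGAIN detail is background knowledge rather than something the bulletin states: on Linux 2.6, setuid() to a non-root uid fails with EAGAIN when that user's RLIMIT_NPROC limit would be exceeded, which is the "user limits" condition the bulletin refers to.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Repeated prototype so the example also builds under strict -std=c11,
   where glibc's <grp.h> only exposes setgroups() with _DEFAULT_SOURCE. */
int setgroups(size_t n, const gid_t *groups);

/* Hooks for the identity-changing calls; the real setuid()/setgid() are used
   in production and a failing stand-in is used to exercise the error path. */
typedef int (*setuid_fn)(uid_t);
typedef int (*setgid_fn)(gid_t);

enum drop_result {
    DROP_OK = 0,
    DROP_ERR_SETGROUPS,
    DROP_ERR_SETGID,
    DROP_ERR_SETUID,
    DROP_ERR_VERIFY,
    DROP_ERR_REGAIN
};

/* Drop to uid/gid using the supplied calls. Every step is checked; leaving
   the do_setuid() result unchecked is exactly the defect in CVE-2006-3083. */
static enum drop_result
drop_privileges_with(uid_t uid, gid_t gid, setuid_fn do_setuid, setgid_fn do_setgid)
{
    /* Supplementary groups can only be cleared while still privileged. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return DROP_ERR_SETGROUPS;

    /* Group first: once the uid has been dropped, setgid() would be refused. */
    if (do_setgid(gid) != 0)
        return DROP_ERR_SETGID;

    /* The check the affected programs lacked. On 2.6 kernels this is where an
       EAGAIN from the target user's process limit shows up; the caller must
       not continue as root. */
    if (do_setuid(uid) != 0)
        return DROP_ERR_SETUID;

    /* Trust but verify: ask the kernel which identity the process now holds. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return DROP_ERR_VERIFY;

    /* A setuid() drop from root also resets the saved uid, so root must not
       be recoverable afterwards. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_ERR_REGAIN;

    return DROP_OK;
}

/* Production entry point: real setuid()/setgid(). */
enum drop_result drop_privileges(uid_t uid, gid_t gid)
{
    return drop_privileges_with(uid, gid, setuid, setgid);
}

/* Constructed stand-in that fails the way setuid() does when the target
   user's process limit is hit, so the error path runs without root. */
static int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Run the drop with the failing hook: the checked version refuses to go on. */
enum drop_result demo_failing_drop(void)
{
    return drop_privileges_with(getuid(), getgid(), failing_setuid, setgid);
}

int main(void)
{
    enum drop_result r = drop_privileges(getuid(), getgid());
    printf("checked drop to current identity: %s\n", r == DROP_OK ? "ok" : "failed");

    r = demo_failing_drop();
    printf("drop with failing setuid(): %s (%s)\n",
           r == DROP_ERR_SETUID ? "refused, as it should be" : "unexpected",
           strerror(errno));
    return r == DROP_ERR_SETUID ? 0 : 1;
}
```

Dropping to the caller's own uid and gid is always permitted, so the first call succeeds as an unprivileged user; the second call shows the behaviour a fixed program has when the kernel refuses the change, which is to stop and report rather than keep running with the privileged identity. When reviewing code for this class of bug, the pattern to look for is a setuid(), setgid(), setgroups() or setresuid() call whose return value is discarded.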
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report incidents.
Your agency's team will coordinate with CIAC. The Forum of Incident Response
and Security Teams (FIRST) is a world-wide organization. A list of FIRST
member organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-276: Vulnerability in Windows Explorer
Q-277: Cumulative Security Update for Internet Explorer
Q-273: Vulnerability in Windows Kernel
Q-274: Vulnerability in Microsoft Visual Basic for Application
Q-275: Vulnerabilities in Microsoft Office
Q-278: Vulnerability in Microsoft Windows
Q-279: Vulnerability in Windows Kernel
Q-280: Vulnerabilities in Microsoft Windows Hyperlink Object Library
Q-281: Freradius
Q-282: Apache Security Update