• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MIT Kerberos 5 SEND-PR.SH Insecure Temporary File Creation Vulnerability

Solution:
SGI has released advisory 20050104-01-U (SGI Advanced Linux Environment 3 Security Update #24) to address various issues in SGI Advanced Linux Environment 3. This advisory includes updated SGI ProPack 3 Service Pack 3 packages and patch 10139. Please see the referenced advisory for more information.

Trustix Linux has released an advisory (TSL-2004-0050) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Gentoo has released an advisory (GLSA 200410-24) to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following actions to update their computers:

emerge sync
emerge -pv ">=app-crypt/mit-krb5-1.3.4-r1"
emerge ">=app-crypt/mit-krb5-1.3.4-r1"

Fedora advisories FEDORA-2004-563 and FEDORA-2004-564 are available to address these issues in Fedora Core 2 and Fedora Core 3. Please see the referenced advisories for more information.

Fedora Legacy has released security advisory FLSA:154276 addressing this issue for RedHat Linux 7.3 and 9, and for Fedora Core 1. Please see the referenced advisory for details on obtaining and applying the appropriate updates.


MIT Kerberos 5 1.3.4

• Fedora krb5-debuginfo-1.3.6-2.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-debuginfo-1.3.6-2.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-devel-1.3.6-2.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-devel-1.3.6-2.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-libs-1.3.6-2.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-libs-1.3.6-2.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-server-1.3.6-2.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-server-1.3.6-2.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-workstation-1.3.6-2.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora krb5-workstation-1.3.6-2.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Trustix kerberos5-1.3.4-3tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix kerberos5-devel-1.3.4-3tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix kerberos5-libs-1.3.4-3tr.i586.rpm
  Trustix Secure Linux 2.1 & Enterprise Server 2
  ftp://ftp.trustix.org/pub/trustix/updates/

SGI ProPack 3.0

• SGI patch10139.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch101 39.tar.gz