• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MIT Kerberos Administration Daemon RPC Library Free Pointer Remote Code Execution Vulnerability

Solution:
The vendor has released an advisory and a patch to address this issue. Please see the references for more information.


Turbolinux Turbolinux 10 F...

• Turbolinux krb5-devel-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-devel-1.2.5-22.i586.rpm


• Turbolinux krb5-libs-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-libs-1.2.5-22.i586.rpm


• Turbolinux krb5-server-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-server-1.2.5-22.i586.rpm


• Turbolinux krb5-workstation-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-workstation-1.2.5-22.i586.rpm

TurboLinux Multimedia

• Turbolinux krb5-devel-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-devel-1.2.5-22.i586.rpm


• Turbolinux krb5-libs-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-libs-1.2.5-22.i586.rpm


• Turbolinux krb5-server-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-server-1.2.5-22.i586.rpm


• Turbolinux krb5-workstation-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-workstation-1.2.5-22.i586.rpm

MIT Kerberos 5 1.0

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.0.6

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.0.8

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.1

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.1.1

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.2

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.2.5

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.2.8

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.3.1

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.3.3

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.3.4

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.3.5

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.3.6

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.4.2

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.5

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.5.1

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.5.2

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.5.3

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

MIT Kerberos 5 1.5.4

• MIT 2007-004-patch.txt.asc
  http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

Turbolinux Turbolinux Desktop 10.0

• Turbolinux krb5-devel-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-devel-1.2.5-22.i586.rpm


• Turbolinux krb5-libs-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-libs-1.2.5-22.i586.rpm


• Turbolinux krb5-server-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-server-1.2.5-22.i586.rpm


• Turbolinux krb5-workstation-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-workstation-1.2.5-22.i586.rpm

Apple Mac OS X Server 10.3.9

• Apple SecUpdSrvr2007-007Pan.dmg For Mac OS X Server v10.3.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.3.9

• Apple SecUpd2007-007Pan.dmg For Mac OS X v10.3.9
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.10

• Apple SecUpd2007-007Ti.dmg For Mac OS X v10.4.10 (PowerPC)
  http://www.apple.com/support/downloads/


• Apple SecUpd2007-007Univ.dmg For Mac OS X v10.4.10 (Universal)
  http://www.apple.com/support/downloads/

SGI ProPack 3.0 SP6

• SGI Patch 10421
  ftp://oss.sgi.com/projects/sgi_propack/download/

Trustix Secure Linux 3.0

• Trustix kerberos5-1.4.1-9tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix kerberos5-devel-1.4.1-9tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix kerberos5-libs-1.4.1-9tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/

Trustix Secure Linux 3.0.5

• Trustix kerberos5-1.4.3-5tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix kerberos5-devel-1.4.3-5tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix kerberos5-libs-1.4.3-5tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/

TransSoft Broker FTP Server 8.0

• Turbolinux krb5-devel-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/krb5-devel-1.2.5-22.i586.rpm


• Turbolinux krb5-libs-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/krb5-libs-1.2.5-22.i586.rpm


• Turbolinux krb5-server-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/krb5-server-1.2.5-22.i586.rpm


• Turbolinux krb5-workstation-1.2.5-22.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/krb5-workstation-1.2.5-22.i586.rpm