• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MIT Kerberos Key Distribution Center Remote Format String Vulnerabilities

Solution:
This issue has been addressed in MIT Kerberos 1.2.5 and later. Users are advised to upgrade to as soon as possible.

Red Hat has released an advisory (RHSA-2003:051-01) to address this issue.
Please see the attached adivosry reference for details on obtaining and
applying fixes.

Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.


MIT Kerberos 5 1.1.1

• Red Hat krb5-configs-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-configs-1.1.1-40.i386.rpm


• Red Hat krb5-devel-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-devel-1.1.1-40.i386.rpm


• Red Hat krb5-libs-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-libs-1.1.1-40.i386.rpm


• Red Hat krb5-server-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-server-1.1.1-40.i386.rpm


• Red Hat krb5-workstation-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-workstation-1.1.1-40.i386 .rpm

MIT Kerberos 5 1.2

• MIT Kerberos 1.2.5
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html

MIT Kerberos 5 1.2.1

• MIT Kerberos 1.2.5
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html

MIT Kerberos 5 1.2.2

• MIT Kerberos 1.2.5
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html


• Red Hat krb5-devel-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-devel-1.2.2-24.i386.rpm


• Red Hat krb5-devel-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-devel-1.2.2-24.i386.rpm


• Red Hat krb5-devel-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-devel-1.2.2-24.i386.rpm


• Red Hat krb5-devel-1.2.2-24.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-devel-1.2.2-24.ia64.rpm


• Red Hat krb5-libs-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-libs-1.2.2-24.i386.rpm


• Red Hat krb5-libs-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-libs-1.2.2-24.i386.rpm


• Red Hat krb5-libs-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-libs-1.2.2-24.i386.rpm


• Red Hat krb5-libs-1.2.2-24.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-libs-1.2.2-24.ia64.rpm


• Red Hat krb5-server-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-server-1.2.2-24.i386.rpm


• Red Hat krb5-server-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-server-1.2.2-24.i386.rpm


• Red Hat krb5-server-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-server-1.2.2-24.i386.rpm


• Red Hat krb5-server-1.2.2-24.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-server-1.2.2-24.ia64.rpm


• Red Hat krb5-workstation-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm


• Red Hat krb5-workstation-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm


• Red Hat krb5-workstation-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm


• Red Hat krb5-workstation-1.2.2-24.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-workstation-1.2.2-24.ia64 .rpm

MIT Kerberos 5 1.2.3

• Conectiva krb5-1.2.8-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-1.2.8-1U80_1cl.i386.rp m


• Conectiva krb5-apps-clients-1.2.8-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-apps-clients-1.2.8-1U8 0_1cl.i386.rpm


• Conectiva krb5-apps-servers-1.2.8-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-apps-servers-1.2.8-1U8 0_1cl.i386.rpm


• Conectiva krb5-client-1.2.8-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-client-1.2.8-1U80_1cl. i386.rpm


• Conectiva krb5-devel-1.2.8-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-devel-1.2.8-1U80_1cl.i 386.rpm


• Conectiva krb5-devel-static-1.2.8-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-devel-static-1.2.8-1U8 0_1cl.i386.rpm


• Conectiva krb5-doc-1.2.8-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-doc-1.2.8-1U80_1cl.i38 6.rpm


• Conectiva krb5-server-1.2.8-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-server-1.2.8-1U80_1cl. i386.rpm


• MIT Kerberos 1.2.5
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html

MIT Kerberos 5 1.2.4

• MIT Kerberos 1.2.5
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html


• Red Hat krb5-devel-1.2.4-11.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-devel-1.2.4-11.i386.rpm


• Red Hat krb5-libs-1.2.4-11.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-libs-1.2.4-11.i386.rpm


• Red Hat krb5-server-1.2.4-11.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-server-1.2.4-11.i386.rpm


• Red Hat krb5-workstation-1.2.4-11.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/krb5-workstation-1.2.4-11.i386 .rpm