• info
• discussion
• exploit
• solution
• references

MIT Kerberos / Key Distribution Center Shared Key User Spoofing Vulnerability

Solution:
Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.

MIT has confirmed this vulnerability and the issue has been addressed in version 1.2.3. Users are advised to upgrade as soon as possible.


MIT Kerberos 5 1.1.1

• Red Hat krb5-configs-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-configs-1.1.1-40.i386.rpm


• Red Hat krb5-devel-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-devel-1.1.1-40.i386.rpm


• Red Hat krb5-libs-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-libs-1.1.1-40.i386.rpm


• Red Hat krb5-server-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-server-1.1.1-40.i386.rpm


• Red Hat krb5-workstation-1.1.1-40.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/krb5-workstation-1.1.1-40.i386 .rpm

MIT Kerberos 5 1.2

• MIT Kerberos 1.2.5
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html

MIT Kerberos 5 1.2.1

• MIT Kerberos 1.2.5
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html

MIT Kerberos 5 1.2.2

• MandrakeSoft ftp-client-krb5-1.2.2-17.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft ftp-client-krb5-1.2.2-17.5mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft ftp-server-krb5-1.2.2-17.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft ftp-server-krb5-1.2.2-17.5mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-devel-1.2.2-17.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-devel-1.2.2-17.5mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-libs-1.2.2-17.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-libs-1.2.2-17.5mdk.i586.rpm
  Multi Network Firewall 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-libs-1.2.2-17.5mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-server-1.2.2-17.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-server-1.2.2-17.5mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-workstation-1.2.2-17.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft krb5-workstation-1.2.2-17.5mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft telnet-client-krb5-1.2.2-17.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft telnet-client-krb5-1.2.2-17.5mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft telnet-server-krb5-1.2.2-17.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• MandrakeSoft telnet-server-krb5-1.2.2-17.5mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• MIT Kerberos 1.2.5
  http://web.mit.edu/kerberos/www/krb5-1.2/index.html


• Red Hat krb5-devel-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-devel-1.2.2-24.i386.rpm


• Red Hat krb5-devel-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-devel-1.2.2-24.i386.rpm


• Red Hat krb5-devel-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-devel-1.2.2-24.i386.rpm


• Red Hat krb5-devel-1.2.2-24.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-devel-1.2.2-24.ia64.rpm


• Red Hat krb5-libs-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-libs-1.2.2-24.i386.rpm


• Red Hat krb5-libs-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-libs-1.2.2-24.i386.rpm


• Red Hat krb5-libs-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-libs-1.2.2-24.i386.rpm


• Red Hat krb5-libs-1.2.2-24.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-libs-1.2.2-24.ia64.rpm


• Red Hat krb5-server-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-server-1.2.2-24.i386.rpm


• Red Hat krb5-server-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-server-1.2.2-24.i386.rpm


• Red Hat krb5-server-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-server-1.2.2-24.i386.rpm


• Red Hat krb5-server-1.2.2-24.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-server-1.2.2-24.ia64.rpm


• Red Hat krb5-workstation-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm


• Red Hat krb5-workstation-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm


• Red Hat krb5-workstation-1.2.2-24.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm


• Red Hat krb5-workstation-1.2.2-24.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/krb5-workstation-1.2.2-24.ia64 .rpm