• info
• discussion
• exploit
• solution
• references

MIT Kerberos Administration Daemon Kadmind Double Free Memory Corruption Vulnerabilities

Solution:
The vendor has released an advisory and a patch to address this issue. Please see the references for more information.


Turbolinux Turbolinux Server 10.0.0 x64

• Turbolinux krb5-devel-1.3.4-22.x86_64.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-devel-1.3.4-22.x86_64.rpm


• Turbolinux krb5-libs-1.3.4-22.x86_64.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-libs-1.3.4-22.x86_64.rpm


• Turbolinux krb5-server-1.3.4-22.x86_64.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-server-1.3.4-22.x86_64.rpm


• Turbolinux krb5-workstation-1.3.4-22.x86_64.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm

Turbolinux Appliance Server 2.0

• Turbolinux krb5-devel-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/


• Turbolinux krb5-devel-1.3.4-22.x86_64.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-devel-1.3.4-22.x86_64.rpm


• Turbolinux krb5-libs-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/


• Turbolinux krb5-server-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/


• Turbolinux krb5-workstation-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

HP HP-UX B.11.23

• HP PHSS_34991
  http://www.hp.com/go/softwaredepot/

HP HP-UX B.11.11

• HP PHSS_36286
  http://www.hp.com/go/softwaredepot/

MIT Kerberos 5 1.4.1

• MIT 2007-003-patch.txt
  http://web.mit.edu/kerberos/advisories/2007-003-patch.txt


• SuSE krb5-1.4-16.9.x86_64.rpm
  SUSE LINUX 9.3:
  ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/krb5-1.4-16.9.x 86_64.rpm


• SuSE krb5-1.4.1-5.5.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-1.4.1-5.5.i 586.rpm


• SuSE krb5-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-1.4.1-5.5 .x86_64.rpm


• SuSE krb5-1.4.3-19.10.3.i586.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-1.4.3-19.10.3.i5 86.rpm


• SuSE krb5-32bit-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-32bit-1.4 .1-5.5.x86_64.rpm


• SuSE krb5-apps-servers-1.4.1-5.5.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-apps-server s-1.4.1-5.5.i586.rpm


• SuSE krb5-apps-servers-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-apps-serv ers-1.4.1-5.5.x86_64.rpm


• SuSE krb5-apps-servers-1.4.3-19.10.3.i586.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-apps-servers-1.4 .3-19.10.3.i586.rpm


• SuSE krb5-devel-1.4.1-5.5.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-devel-1.4.1 -5.5.i586.rpm


• SuSE krb5-devel-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-devel-1.4 .1-5.5.x86_64.rpm


• SuSE krb5-devel-1.4.3-19.10.3.i586.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-devel-1.4.3-19.1 0.3.i586.rpm


• SuSE krb5-devel-32bit-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-devel-32b it-1.4.1-5.5.x86_64.rpm


• SuSE krb5-server-1.4.1-5.5.i586.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/krb5-server-1.4. 1-5.5.i586.rpm


• SuSE krb5-server-1.4.1-5.5.x86_64.rpm
  SUSE LINUX 10.0:
  ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/krb5-server-1. 4.1-5.5.x86_64.rpm


• SuSE krb5-server-1.4.3-19.10.3.i586.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-server-1.4.3-19. 10.3.i586.rpm

MIT Kerberos 5 1.5

• MIT 2007-003-patch.txt
  http://web.mit.edu/kerberos/advisories/2007-003-patch.txt

MIT Kerberos 5 1.5.1

• MIT 2007-003-patch.txt
  http://web.mit.edu/kerberos/advisories/2007-003-patch.txt


• SuSE krb5-1.4.3-19.10.3.x86_64.rpm
  SUSE LINUX 10.1:
  ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-1.4.3-19.10.3. x86_64.rpm


• SuSE krb5-1.5.1-23.4.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-1.5.1-23.4.i586. rpm


• SuSE krb5-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-1.5.1-23.4.x86 _64.rpm


• SuSE krb5-32bit-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-32bit-1.5.1-23 .4.x86_64.rpm


• SuSE krb5-apps-servers-1.5.1-23.4.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-apps-servers-1.5 .1-23.4.i586.rpm


• SuSE krb5-apps-servers-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-apps-servers-1 .5.1-23.4.x86_64.rpm


• SuSE krb5-devel-1.5.1-23.4.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-devel-1.5.1-23.4 .i586.rpm


• SuSE krb5-devel-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-1.5.1-23 .4.x86_64.rpm


• SuSE krb5-devel-32bit-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-32bit-1. 5.1-23.4.x86_64.rpm


• SuSE krb5-server-1.5.1-23.4.i586.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-server-1.5.1-23. 4.i586.rpm


• SuSE krb5-server-1.5.1-23.4.x86_64.rpm
  openSUSE 10.2:
  ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-server-1.5.1-2 3.4.x86_64.rpm

MIT Kerberos 5 1.6

• MIT 2007-003-patch.txt
  http://web.mit.edu/kerberos/advisories/2007-003-patch.txt

Turbolinux Turbolinux Server 10.0

• Turbolinux krb5-debug-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm


• Turbolinux krb5-devel-1.2.5-21.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-devel-1.2.5-21.i586.rpm


• Turbolinux krb5-devel-1.2.5-21.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/krb5-devel-1.2.5-21.i586.rpm


• Turbolinux krb5-devel-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm


• Turbolinux krb5-libs-1.2.5-21.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-libs-1.2.5-21.i586.rpm


• Turbolinux krb5-libs-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm


• Turbolinux krb5-server-1.2.5-21.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-server-1.2.5-21.i586.rpm


• Turbolinux krb5-server-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm


• Turbolinux krb5-workstation-1.2.5-21.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/krb5-workstation-1.2.5-21.i586.rpm


• Turbolinux krb5-workstation-1.3.4-22.i586.rpm
  
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/upd ates/RPMS/krb5-workstation-1.3.4-22.x86_64.rpm

Apple Mac OS X Server 10.3.9

• Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat= 1&platform=osx&method=sa/SecUpd2007-004Univ.dmg

Apple Mac OS X Server 10.4.9

• Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat= 1&platform=osx&method=sa/SecUpd2007-004Univ.dmg

Apple Mac OS X 10.4.9

• Apple Security Update 2007-004 (Universal)
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13659&cat= 1&platform=osx&method=sa/SecUpd2007-004Univ.dmg

Trustix Secure Linux 2.2

• Trustix file-4.12-1tr.i586.rpm
  Trustix Secure Linux 2.2
  ftp://ftp.trustix.org/pub/trustix/updates/


• Trustix file-4.12-2tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix imagemagick-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix imagemagick-devel-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix kerberos5-1.3.6-7tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix kerberos5-devel-1.3.6-7tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix kerberos5-libs-1.3.6-7tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix perl-image-magick-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates

SGI ProPack 3.0 SP6

• SGI Patch 10389
  http://support.sgi.com/

Trustix Secure Linux 3.0.5

• Trustix file-4.13-4tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix file-4.17-3tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix imagemagick-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix imagemagick-devel-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix kerberos5-1.4.3-4tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix kerberos5-devel-1.4.3-4tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix kerberos5-libs-1.4.3-4tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates


• Trustix perl-image-magick-6.3.3.5-1tr.i586.rpm
  Trustix Secure Linux 3.0.5
  ftp://ftp.trustix.org/pub/trustix/updates