漏洞信息详情
MIT Kerberos Key Distribution Center远程格式化字符串漏洞
- CNNVD编号:CNNVD-200302-035
- 危害等级: 高危
- CVE编号: CVE-2003-0060
- 漏洞类型: 格式化字符串
- 发布时间: 2003-02-19
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: mit
- 漏洞来源: .');">The discovery of t...
漏洞简介
MIT Kerberos V5 Key Distribution Center (KDC) 1.2.5之前版本的登录日志存在格式化字符串漏洞。远程攻击者可以借助Kerberos委托名中的格式化字符串说明符导致服务拒绝(崩溃),并且可能可以执行任意代码。
漏洞公告
This issue has been addressed in MIT Kerberos 1.2.5 and later. Users are advised to upgrade to as soon as possible. Red Hat has released an advisory (RHSA-2003:051-01) to address this issue. Please see the attached adivosry reference for details on obtaining and applying fixes. Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible. MIT Kerberos 5 1.1.1
- Red Hat krb5-configs-1.1.1-40.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/krb5-configs-1.1.1-40.i386.rpm
- Red Hat krb5-devel-1.1.1-40.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/krb5-devel-1.1.1-40.i386.rpm
- Red Hat krb5-libs-1.1.1-40.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/krb5-libs-1.1.1-40.i386.rpm
- Red Hat krb5-server-1.1.1-40.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/krb5-server-1.1.1-40.i386.rpm
- Red Hat krb5-workstation-1.1.1-40.i386.rpm ftp://updates.redhat.com/6.2/en/os/i386/krb5-workstation-1.1.1-40.i386 .rpm
- MIT Kerberos 1.2.5 http://web.mit.edu/kerberos/www/krb5-1.2/index.HTML
- MIT Kerberos 1.2.5 http://web.mit.edu/kerberos/www/krb5-1.2/index.HTML
- MIT Kerberos 1.2.5 http://web.mit.edu/kerberos/www/krb5-1.2/index.HTML
- Red Hat krb5-devel-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/krb5-devel-1.2.2-24.i386.rpm
- Red Hat krb5-devel-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/krb5-devel-1.2.2-24.i386.rpm
- Red Hat krb5-devel-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/krb5-devel-1.2.2-24.i386.rpm
- Red Hat krb5-devel-1.2.2-24.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/krb5-devel-1.2.2-24.ia64.rpm
- Red Hat krb5-libs-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/krb5-libs-1.2.2-24.i386.rpm
- Red Hat krb5-libs-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/krb5-libs-1.2.2-24.i386.rpm
- Red Hat krb5-libs-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/krb5-libs-1.2.2-24.i386.rpm
- Red Hat krb5-libs-1.2.2-24.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/krb5-libs-1.2.2-24.ia64.rpm
- Red Hat krb5-server-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/krb5-server-1.2.2-24.i386.rpm
- Red Hat krb5-server-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/krb5-server-1.2.2-24.i386.rpm
- Red Hat krb5-server-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/krb5-server-1.2.2-24.i386.rpm
- Red Hat krb5-server-1.2.2-24.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/krb5-server-1.2.2-24.ia64.rpm
- Red Hat krb5-workstation-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.0/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm
- Red Hat krb5-workstation-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.1/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm
- Red Hat krb5-workstation-1.2.2-24.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/krb5-workstation-1.2.2-24.i386 .rpm
- Red Hat krb5-workstation-1.2.2-24.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/krb5-workstation-1.2.2-24.ia64 .rpm
- Conectiva krb5-1.2.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-1.2.8-1U80_1cl.i386.rp m
- Conectiva krb5-apps-clients-1.2.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-apps-clients-1.2.8-1U8 0_1cl.i386.rpm
- Conectiva krb5-apps-servers-1.2.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-apps-servers-1.2.8-1U8 0_1cl.i386.rpm
- Conectiva krb5-client-1.2.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-client-1.2.8-1U80_1cl. i386.rpm
- Conectiva krb5-devel-1.2.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-devel-1.2.8-1U80_1cl.i 386.rpm
- Conectiva krb5-devel-static-1.2.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-devel-static-1.2.8-1U8 0_1cl.i386.rpm
- Conectiva krb5-doc-1.2.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-doc-1.2.8-1U80_1cl.i38 6.rpm
- Conectiva krb5-server-1.2.8-1U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-server-1.2.8-1U80_1cl. i386.rpm
- MIT Kerberos 1.2.5 http://web.mit.edu/kerberos/www/krb5-1.2/index.HTML
-
MIT Kerberos 1.2.5
参考网址
来源:US-CERT Vulnerability Note: VU#787523 名称: VU#787523 链接:http://www.kb.cert.org/vuls/id/787523 来源: BID 名称: 6712 链接:http://www.securityfocus.com/bid/6712 来源: web.mit.edu 链接:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt 来源: XF 名称: kerberos-kdc-format-string(11189) 链接:http://xforce.iss.net/xforce/xfdb/11189 来源: OSVDB 名称: 4879 链接:http://www.osvdb.org/4879 来源: CONECTIVA 名称: CLSA-2003:639 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
受影响实体
- Mit Kerberos:5-1.2.4
- Mit Kerberos:5-1.2.2
- Mit Kerberos:5-1.2.3
- Mit Kerberos:5-1.2.1
补丁
暂无
评论