
Re: [linux-security] ALERT: remote root exploit in Kerberos 4 (Debian)



On Wed, Oct 30, 2002 at 06:17:59PM -0800, Martin Siegert wrote:
> Topic
> =====
> remote root exploit in Kerberos 4
> ALERT: exploits for this vulnerability already exist!
> 
> Problem Description
> ===================
> A stack buffer overflow in the implementation of the Kerberos v4
> compatibility administration daemon (kadmind4) in the MIT krb5
> distribution can be exploited to gain unauthorized root access to a
> KDC host.  The attacker does not need to authenticate to the daemon to
> successfully perform this attack.  At least one exploit is known to
> exist in the wild, and at least one attacker is reasonably competent
> at cleaning up traces of intrusion.
> 
> The kadmind4 supplied with MIT krb5 is intended for use in sites that
> require compatibility with legacy administrative clients; sites that
> do not have this requirement are not likely to be running this daemon.
> 
> A remote attacker can execute arbitrary code on the KDC with the
> privileges of the user running kadmind4 (usually root).  This can lead
> to compromise of the Kerberos database.
> 
> Affected Software
> =================
> - all releases of MIT Kerberos 5, up to and including krb5-1.2.6
> - all Kerberos 4 implementations derived from MIT Kerberos 4,
>   including Cygnus Network Security (CNS).  This includes KTH Kerberos
>   4 (eBones).
> - KTH Heimdal has a similar vulnerability, if Kerberos 4 compatibility
>   is compiled
> 
> Solution
> ========

Debian has released new heimdal packages that address this problem.
Upgrading is strongly advised.

Debian 2.2 (potato)
-------------------
upgrade to heimdal-kdc_0.2l-7.6_i386.deb,
           heimdal-servers_0.2l-7.6_i386.deb,
           heimdal-servers-x_0.2l-7.6_i386.deb,
           heimdal-clients_0.2l-7.6_i386.deb,
           heimdal-clients-x_0.2l-7.6_i386.deb,
           heimdal-lib_0.2l-7.6_i386.deb,
           heimdal-dev_0.2l-7.6_i386.deb

Debian 3.0 (woody)
------------------
upgrade to heimdal-kdc_0.4e-7.woody.5_i386.deb,
           heimdal-servers_0.4e-7.woody.5_i386.deb,
           heimdal-servers-x_0.4e-7.woody.5_i386.deb,
           heimdal-clients_0.4e-7.woody.5_i386.deb,
           heimdal-clients-x_0.4e-7.woody.5_i386.deb,
           heimdal-dev_0.4e-7.woody.5_i386.deb,
           libasn1-5-heimdal_0.4e-7.woody.5_i386.deb,
           libcomerr1-heimdal_0.4e-7.woody.5_i386.deb,
           libgssapi1-heimdal_0.4e-7.woody.5_i386.deb,
           libhdb7-heimdal_0.4e-7.woody.5_i386.deb,
           libkadm5clnt4-heimdal_0.4e-7.woody.5_i386.deb,
           libkadm5srv7-heimdal_0.4e-7.woody.5_i386.deb,
           libkafs0-heimdal_0.4e-7.woody.5_i386.deb,
           libkrb5-17-heimdal_0.4e-7.woody.5_i386.deb,
           libotp0-heimdal_0.4e-7.woody.5_i386.deb,
           libroken9-heimdal_0.4e-7.woody.5_i386.deb,
           libsl0-heimdal_0.4e-7.woody.5_i386.deb,
           libss0-heimdal_0.4e-7.woody.5_i386.deb