
[linux-security] ALERT: remote root exploit in Kerberos 4



Topic
=====
remote root exploit in Kerberos 4
ALERT: exploits for this vulnerability already exist!

Problem Description
===================
A stack buffer overflow in the implementation of the Kerberos v4
compatibility administration daemon (kadmind4) in the MIT krb5
distribution can be exploited to gain unauthorized root access to a
KDC host.  The attacker does not need to authenticate to the daemon to
successfully perform this attack.  At least one exploit is known to
exist in the wild, and at least one attacker is reasonably competent
at cleaning up traces of intrusion.

The kadmind4 supplied with MIT krb5 is intended for use in sites that
require compatibility with legacy administrative clients; sites that
do not have this requirement are not likely to be running this daemon.

A remote attacker can execute arbitrary code on the KDC with the
privileges of the user running kadmind4 (usually root).  This can lead
to compromise of the Kerberos database.

Affected Software
=================
- all releases of MIT Kerberos 5, up to and including krb5-1.2.6
- all Kerberos 4 implementations derived from MIT Kerberos 4,
  including Cygnus Network Security (CNS).  This includes KTH Kerberos
  4 (eBones).
- KTH Heimdal has a similar vulnerability, if Kerberos 4 compatibility
  is compiled in

Solution
========
Apply the patch 
http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_patch.txt
or upgrade to patched packages for your distribution.

Debian 2.2 (potato)
-------------------
upgrade to kerberos4kth-clients_1.0-2.2_i386.deb,
           kerberos4kth-dev_1.0-2.2_i386.deb,
           kerberos4kth-kdc_1.0-2.2_i386.deb,
           kerberos4kth-services_1.0-2.2_i386.deb,
           kerberos4kth-user_1.0-2.2_i386.deb,
           kerberos4kth-x11_1.0-2.2_i386.deb,
           kerberos4kth1_1.0-2.2_i386.deb,
           heimdal-kdc_0.2l-7.4_i386.deb,
           heimdal-servers_0.2l-7.4_i386.deb,
           heimdal-servers-x_0.2l-7.4_i386.deb

Debian 3.0 (woody)
------------------
upgrade to kerberos4kth-clients_1.1-8-2.2_i386.deb,
           kerberos4kth-clients-x_1.1-8-2.2_i386.deb,
           kerberos4kth-dev_1.1-8-2.2_i386.deb,
           kerberos4kth-dev-common_1.1-8-2.2_i386.deb,
           kerberos4kth-kdc_1.1-8-2.2_i386.deb,
           kerberos4kth-kip_1.1-8-2.2_i386.deb,
           kerberos4kth-servers_1.1-8-2.2_i386.deb,
           kerberos4kth-servers-x_1.1-8-2.2_i386.deb,
           libacl1-kerberos4kth_1.1-8-2.2_i386.deb,
           libkadm1-kerberos4kth_1.1-8-2.2_i386.deb,
           libkdb-1-kerberos4kth_1.1-8-2.2_i386.deb,
           libkrb-1-kerberos4kth_1.1-8-2.2_i386.deb,
           heimdal-kdc_0.4e-7.woody.4_i386.deb,
           heimdal-servers_0.4e-7.woody.4_i386.deb,
           heimdal-servers-x_0.4e-7.woody.4_i386.deb

SuSE 7.2
--------
rpm -Fvh heimdal-0.3e-83.i386.rpm heimdal-lib-0.3e-83.i386.rpm

SuSE 7.3
--------
rpm -Fvh heimdal-0.4d-132.i386.rpm heimdal-devel-0.4d-132.i386.rpm

SuSE 8.0
--------
rpm -Fvh heimdal-0.4e-191.i386.rpm \
         heimdal-lib-0.4e-191.i386.rpm \
         heimdal-devel-0.4e-191.i386.rpm

Mandrake 8.1, 8.2
-----------------
rpm -Fvh krb5-server-1.2.2-17.2mdk.i586.rpm \
         krb5-libs-1.2.2-17.2mdk.i586.rpm \
         krb5-devel-1.2.2-17.2mdk.i586.rpm \
         krb5-workstation-1.2.2-17.2mdk.i586.rpm \
         telnet-client-krb5-1.2.2-17.2mdk.i586.rpm \
         telnet-server-krb5-1.2.2-17.2mdk.i586.rpm \
         ftp-client-krb5-1.2.2-17.2mdk.i586.rpm \
         ftp-server-krb5-1.2.2-17.2mdk.i586.rpm

Mandrake 9.0
------------
rpm -Fvh krb5-server-1.2.5-1.1mdk.i586.rpm \
         krb5-libs-1.2.5-1.1mdk.i586.rpm \
         krb5-devel-1.2.5-1.1mdk.i586.rpm \
         krb5-workstation-1.2.5-1.1mdk.i586.rpm \
         telnet-client-krb5-1.2.5-1.1mdk.i586.rpm \
         telnet-server-krb5-1.2.5-1.1mdk.i586.rpm \
         ftp-client-krb5-1.2.5-1.1mdk.i586.rpm \
         ftp-server-krb5-1.2.5-1.1mdk.i586.rpm