[linux-security] multiple vulnerabilities in kerberos software
- To: linux-security
- Subject: [linux-security] multiple vulnerabilities in kerberos software
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 2 Apr 2003 19:02:33 -0800
- User-Agent: Mutt/1.4i
Topic
=====
Multiple vulnerabilities in Kerberos software can result in remote compromises
and DoS attacks.
Problem Description
===================
Kerberos is a network authentication system. The MIT Kerberos team
released an advisory describing a number of vulnerabilities.
An integer signedness error in the ASN.1 decoder before version 1.2.5
allows remote attackers to cause a denial of service (crash) via a large
unsigned data element length, which is later used as a negative value. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0036 to this issue.
The Key Distribution Center (KDC) before version 1.2.5 allows remote,
authenticated attackers to cause a denial of service (crash) on KDCs within
the same realm using a certain protocol request that causes a null
dereference (CAN-2003-0058).
The Key Distribution Center (KDC) allows remote, authenticated attackers to
cause a denial of service (crash) on KDCs within the same realm using a
certain protocol request that causes an out-of-bounds read of an array
(CAN-2003-0072).
The Key Distribution Center (KDC) allows remote, authenticated attackers
to cause a denial of service (crash) on KDCs within the same realm using a
certain protocol request that causes the KDC to corrupt its heap
(CAN-2003-0082).
A vulnerability in Kerberos before version 1.2.3 allows users from one
realm to impersonate users in other realms that have the same inter-realm
keys (CAN-2003-0059).
The MIT advisory for these issues also mentions format string
vulnerabilities in the logging routines (CAN-2003-0060).
Vulnerabilities have been found in the support for triple-DES keys in the
implementation of the Kerberos IV authentication protocol which is included
in MIT Kerberos (CAN-2003-0139).
Vulnerabilities have been found in the Kerberos IV authentication protocol
which allow an attacker with knowledge of a cross-realm key, which is
shared with another realm, to impersonate any principal in that realm to
any service in that realm. This vulnerability can only be closed by
disabling cross-realm authentication in Kerberos IV (CAN-2003-0138).
Vulnerabilities have been found in the RPC library used by the kadmin
service in Kerberos 5. A faulty length check in the RPC library exposes
kadmind to an integer overflow which can be used to crash kadmind.
Affected Versions
=================
All MIT Kerberos versions before release 1.3
Solution
========
Upgrade to release 1.3 of MIT krb5 (not yet released)
or to a patched version for your distribution.
RedHat 6.2
----------
rpm -Fvh krb5-configs-1.1.1-40.i386.rpm \
krb5-devel-1.1.1-40.i386.rpm \
krb5-libs-1.1.1-40.i386.rpm \
krb5-server-1.1.1-40.i386.rpm \
krb5-workstation-1.1.1-40.i386.rpm
RedHat 7.0, 7.1, 7.2
--------------------
rpm -Fvh krb5-devel-1.2.2-24.i386.rpm \
krb5-libs-1.2.2-24.i386.rpm \
krb5-server-1.2.2-24.i386.rpm \
krb5-workstation-1.2.2-24.i386.rpm
RedHat 7.3
----------
rpm -Fvh krb5-devel-1.2.4-11.i386.rpm \
krb5-libs-1.2.4-11.i386.rpm \
krb5-server-1.2.4-11.i386.rpm \
krb5-workstation-1.2.4-11.i386.rpm
RedHat 8.0
----------
rpm -Fvh krb5-devel-1.2.5-15.i386.rpm \
krb5-libs-1.2.5-15.i386.rpm \
krb5-server-1.2.5-15.i386.rpm \
krb5-workstation-1.2.5-15.i386.rpm
RedHat 9
--------
rpm -Fvh krb5-devel-1.2.7-14.i386.rpm \
krb5-libs-1.2.7-14.i386.rpm \
krb5-server-1.2.7-14.i386.rpm \
krb5-workstation-1.2.7-14.i386.rpm
Mandrake 8.2
------------
rpm -Fvh ftp-client-krb5-1.2.2-17.5mdk.i586.rpm \
ftp-server-krb5-1.2.2-17.5mdk.i586.rpm \
krb5-devel-1.2.2-17.5mdk.i586.rpm \
krb5-libs-1.2.2-17.5mdk.i586.rpm \
krb5-server-1.2.2-17.5mdk.i586.rpm \
krb5-workstation-1.2.2-17.5mdk.i586.rpm \
telnet-client-krb5-1.2.2-17.5mdk.i586.rpm \
telnet-server-krb5-1.2.2-17.5mdk.i586.rpm
Mandrake 9.1
------------
rpm -Fvh ftp-client-krb5-1.2.5-1.4mdk.i586.rpm \
ftp-server-krb5-1.2.5-1.4mdk.i586.rpm \
krb5-devel-1.2.5-1.4mdk.i586.rpm \
krb5-libs-1.2.5-1.4mdk.i586.rpm \
krb5-server-1.2.5-1.4mdk.i586.rpm \
krb5-workstation-1.2.5-1.4mdk.i586.rpm \
telnet-client-krb5-1.2.5-1.4mdk.i586.rpm \
telnet-server-krb5-1.2.5-1.4mdk.i586.rpm
Mandrake 9.1
------------
rpm -Fvh ftp-client-krb5-1.2.5-1.1mdk.i586.rpm \
ftp-server-krb5-1.2.5-1.1mdk.i586.rpm \
krb5-devel-1.2.5-1.1mdk.i586.rpm \
krb5-libs-1.2.5-1.1mdk.i586.rpm \
krb5-server-1.2.5-1.1mdk.i586.rpm \
krb5-workstation-1.2.5-1.1mdk.i586.rpm \
telnet-client-krb5-1.2.5-1.1mdk.i586.rpm \
telnet-server-krb5-1.2.5-1.1mdk.i586.rpm
Debian 2.2 (potato)
-------------------
upgrade to kerberos4kth-clients_1.0-2.3_i386.deb,
kerberos4kth-dev_1.0-2.3_i386.deb,
kerberos4kth-kdc_1.0-2.3_i386.deb,
kerberos4kth-services_1.0-2.3_i386.deb,
kerberos4kth-user_1.0-2.3_i386.deb,
kerberos4kth-x11_1.0-2.3_i386.deb,
kerberos4kth1_1.0-2.3_i386.deb
Debian 3.0 (woody)
------------------
upgrade to kerberos4kth-docs_1.1-8-2.3_all.deb,
kerberos4kth-services_1.1-8-2.3_all.deb,
kerberos4kth-user_1.1-8-2.3_all.deb,
kerberos4kth-x11_1.1-8-2.3_all.deb,
kerberos4kth1_1.1-8-2.3_all.deb,
kerberos4kth-clients_1.1-8-2.3_i386.deb,
kerberos4kth-clients-x_1.1-8-2.3_i386.deb,
kerberos4kth-dev_1.1-8-2.3_i386.deb,
kerberos4kth-dev-common_1.1-8-2.3_i386.deb,
kerberos4kth-kdc_1.1-8-2.3_i386.deb,
kerberos4kth-kip_1.1-8-2.3_i386.deb,
kerberos4kth-servers_1.1-8-2.3_i386.deb,
kerberos4kth-servers-x_1.1-8-2.3_i386.deb,
libacl1-kerberos4kth_1.1-8-2.3_i386.deb,
libkadm1-kerberos4kth_1.1-8-2.3_i386.deb,
libkdb-1-kerberos4kth_1.1-8-2.3_i386.deb,
libkrb-1-kerberos4kth_1.1-8-2.3_i386.deb,
krb5-doc_1.2.4-5woody4_all.deb,
krb5-admin-server_1.2.4-5woody4_i386.deb,
krb5-clients_1.2.4-5woody4_i386.deb,
krb5-ftpd_1.2.4-5woody4_i386.deb,
krb5-kdc_1.2.4-5woody4_i386.deb,
krb5-rsh-server_1.2.4-5woody4_i386.deb,
krb5-telnetd_1.2.4-5woody4_i386.deb,
krb5-user_1.2.4-5woody4_i386.deb,
libkadm55_1.2.4-5woody4_i386.deb,
libkrb5-dev_1.2.4-5woody4_i386.deb,
libkrb53_1.2.4-5woody4_i386.deb,
heimdal-docs_0.4e-7.woody.6_all.deb,
heimdal-lib_0.4e-7.woody.6_all.deb,
heimdal-clients_0.4e-7.woody.6_i386.deb,
heimdal-clients-x_0.4e-7.woody.6_i386.deb,
heimdal-dev_0.4e-7.woody.6_i386.deb,
heimdal-kdc_0.4e-7.woody.6_i386.deb,
heimdal-servers_0.4e-7.woody.6_i386.deb,
heimdal-servers-x_0.4e-7.woody.6_i386.deb,
libasn1-5-heimdal_0.4e-7.woody.6_i386.deb,
libcomerr1-heimdal_0.4e-7.woody.6_i386.deb,
libgssapi1-heimdal_0.4e-7.woody.6_i386.deb,
libhdb7-heimdal_0.4e-7.woody.6_i386.deb,
libkadm5clnt4-heimdal_0.4e-7.woody.6_i386.deb,
libkadm5srv7-heimdal_0.4e-7.woody.6_i386.deb,
libkafs0-heimdal_0.4e-7.woody.6_i386.deb,
libkrb5-17-heimdal_0.4e-7.woody.6_i386.deb,
libotp0-heimdal_0.4e-7.woody.6_i386.deb,
libroken9-heimdal_0.4e-7.woody.6_i386.deb,
libsl0-heimdal_0.4e-7.woody.6_i386.deb,
libss0-heimdal_0.4e-7.woody.6_i386.deb
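
Added example, not part of the original advisory and not MIT krb5 source: a constructed C sketch of the bug class described under CAN-2002-0036, where a large unsigned ASN.1 length is later treated as a negative value, shown beside a bounds check that stays unsigned. All function names and sample bytes are hypothetical, and the code assumes a 32-bit int.

```c
#include <stdint.h>
#include <stdio.h>

/* Parse a DER length field at p; returns header size, or 0 if malformed. */
static size_t der_length(const uint8_t *p, size_t avail, uint32_t *val)
{
    if (avail == 0) return 0;
    if ((p[0] & 0x80) == 0) { *val = p[0]; return 1; }   /* short form */
    size_t n = p[0] & 0x7f;                               /* long form */
    if (n == 0 || n > 4 || avail < 1 + n) return 0;
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[1 + i];
    *val = v;
    return 1 + n;
}

/* Flawed pattern: the length is stored and compared as a signed int. */
int accept_signed(const uint8_t *p, size_t avail, int *len_out)
{
    uint32_t v = 0;
    size_t hdr = der_length(p, avail, &v);
    if (hdr == 0) return 0;
    int len = (int)v;              /* 0xFFFFFFFF wraps to -1 on common platforms */
    if (len > (int)(avail - hdr)) return 0;   /* a negative len passes this test */
    *len_out = len;
    return 1;
}

/* Hardened: keep the length unsigned and compare with the bytes present. */
int accept_checked(const uint8_t *p, size_t avail, size_t *len_out)
{
    uint32_t v = 0;
    size_t hdr = der_length(p, avail, &v);
    if (hdr == 0) return 0;
    if (v > avail - hdr) return 0; /* claimed length exceeds remaining input */
    *len_out = v;
    return 1;
}

/* Constructed samples: length 0xFFFFFFFF with no content; length 3 with 3 bytes. */
const uint8_t SAMPLE_HUGE[] = { 0x84, 0xff, 0xff, 0xff, 0xff };
const uint8_t SAMPLE_OK[]   = { 0x03, 0x01, 0x02, 0x03 };

int main(void)
{
    int s = 0; size_t u = 0;
    printf("signed accepts: %d\n", accept_signed(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &s));
    printf("checked accepts: %d\n", accept_checked(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &u));
    return 0;
}
```

The signed variant hands a negative length to whatever code consumes it next, while the unsigned variant rejects the element before any copy or allocation is sized from it.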