
Re: [linux-security] ALERT: remote root exploit in Kerberos 4 (RedHat)



On Wed, Oct 30, 2002 at 06:17:59PM -0800, Martin Siegert wrote:
> Topic
> =====
> remote root exploit in Kerberos 4
> ALERT: exploits for this vulnerability already exist!
> 
> Problem Description
> ===================
> A stack buffer overflow in the implementation of the Kerberos v4
> compatibility administration daemon (kadmind4) in the MIT krb5
> distribution can be exploited to gain unauthorized root access to a
> KDC host.  The attacker does not need to authenticate to the daemon to
> successfully perform this attack.  At least one exploit is known to
> exist in the wild, and at least one attacker is reasonably competent
> at cleaning up traces of intrusion.
> 
> The kadmind4 supplied with MIT krb5 is intended for use in sites that
> require compatibility with legacy administrative clients; sites that
> do not have this requirement are not likely to be running this daemon.
> 
> A remote attacker can execute arbitrary code on the KDC with the
> privileges of the user running kadmind4 (usually root).  This can lead
> to compromise of the Kerberos database.
> 
> Affected Software
> =================
> - all releases of MIT Kerberos 5, up to and including krb5-1.2.6
> - all Kerberos 4 implementations derived from MIT Kerberos 4,
>   including Cygnus Network Security (CNS).  This includes KTH Kerberos
>   4 (eBones).
> - KTH Heimdal has a similar vulnerability, if Kerberos 4 compatibility
>   is compiled
> 
> Solution
> ========

RedHat 6.2
----------
rpm -Fvh krb5-libs-1.1.1-30.i386.rpm \
         krb5-server-1.1.1-30.i386.rpm \
         krb5-workstation-1.1.1-30.i386.rpm \
         krb5-configs-1.1.1-30.i386.rpm \
         krb5-devel-1.1.1-30.i386.rpm

RedHat 7.0, 7.1, 7.2
--------------------
rpm -Fvh krb5-libs-1.2.2-15.i386.rpm \
         krb5-server-1.2.2-15.i386.rpm \
         krb5-workstation-1.2.2-15.i386.rpm \
         krb5-devel-1.2.2-15.i386.rpm

RedHat 7.3
----------
rpm -Fvh krb5-libs-1.2.4-3.i386.rpm \
         krb5-server-1.2.4-3.i386.rpm \
         krb5-workstation-1.2.4-3.i386.rpm \
         krb5-devel-1.2.4-3.i386.rpm

RedHat 8.0
----------
rpm -Fvh krb5-libs-1.2.5-7.i386.rpm \
         krb5-server-1.2.5-7.i386.rpm \
         krb5-workstation-1.2.5-7.i386.rpm \
         krb5-devel-1.2.5-7.i386.rpm
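
A post-update check for the commands above, added here as an example and not part of the original message: `rpm -F` only upgrades packages that are already installed, so the script asks rpm what is actually present and compares it with the fixed build for the release. The function names are assumptions of this example; the version-release values are the ones listed in the message.

```shell
#!/bin/sh
# Fixed krb5 version-release per Red Hat release, copied from the message.
fixed_build() {
    case "$1" in
        6.2)         echo 1.1.1-30 ;;
        7.0|7.1|7.2) echo 1.2.2-15 ;;
        7.3)         echo 1.2.4-3 ;;
        8.0)         echo 1.2.5-7 ;;
        *)           return 1 ;;
    esac
}

# cmp_dotted A B: print -1, 0 or 1 for dotted numeric strings. Returns 2 on
# a non-numeric field, which this simplified comparison does not handle.
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*} fb=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0} fb=${fb:-0}
        case "$fa$fb" in *[!0-9]*) return 2 ;; esac
        if [ "$fa" -gt "$fb" ]; then echo 1; return 0; fi
        if [ "$fa" -lt "$fb" ]; then echo -1; return 0; fi
    done
    echo 0
}

# patched RELEASE INSTALLED: status 0 if INSTALLED (version-release) is at or
# above the fixed build, 1 if older, 2 if the release or format is unknown.
patched() {
    want=$(fixed_build "$1") || return 2
    v=$(cmp_dotted "${2%-*}" "${want%-*}") || return 2      # version part
    if [ "$v" -eq 0 ]; then
        v=$(cmp_dotted "${2##*-}" "${want##*-}") || return 2  # release part
    fi
    [ "$v" -ge 0 ]
}

# check_host RELEASE: report each installed krb5 package on this machine.
check_host() {
    for p in krb5-libs krb5-server krb5-workstation krb5-devel; do
        vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$p") || continue  # not installed
        if patched "$1" "$vr"; then echo "$p $vr ok"; else echo "$p $vr NOT FIXED"; fi
    done
}
```

Run `check_host 7.3` (or the matching release) on each KDC after the update; on 6.2, `krb5-configs` can be checked the same way with `patched 6.2 <version-release>`.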