[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [linux-security] ALERT: remote root exploit in Kerberos 4 (Debian)
On Wed, Oct 30, 2002 at 06:17:59PM -0800, Martin Siegert wrote:
> Topic
> =====
> remote root exploit in Kerberos 4
> ALERT: exploits for this vulnerability already exist!
>
> Problem Description
> ===================
> A stack buffer overflow in the implementation of the Kerberos v4
> compatibility administration daemon (kadmind4) in the MIT krb5
> distribution can be exploited to gain unauthorized root access to a
> KDC host. The attacker does not need to authenticate to the daemon to
> successfully perform this attack. At least one exploit is known to
> exist in the wild, and at least one attacker is reasonably competent
> at cleaning up traces of intrusion.
>
> The kadmind4 supplied with MIT krb5 is intended for use in sites that
> require compatibility with legacy administrative clients; sites that
> do not have this requirement are not likely to be running this daemon.
>
> A remote attacker can execute arbitrary code on the KDC with the
> privileges of the user running kadmind4 (usually root). This can lead
> to compromise of the Kerberos database.
>
> Affected Software
> =================
> - all releases of MIT Kerberos 5, up to and including krb5-1.2.6
> - all Kerberos 4 implementations derived from MIT Kerberos 4,
> including Cygnus Network Security (CNS). This includes KTH Kerberos
> 4 (eBones).
> - KTH Heimdal has a similar vulnerability, if Kerberos 4 compatibility
> is compiled
>
> Solution
> ========
Debian has released new heimdal packages that address this problem.
Upgrading is strongly advised.
Debian 2.2 (potato)
-------------------
upgrade to heimdal-kdc_0.2l-7.6_i386.deb,
heimdal-servers_0.2l-7.6_i386.deb,
heimdal-servers-x_0.2l-7.6_i386.deb,
heimdal-clients_0.2l-7.6_i386.deb,
heimdal-clients-x_0.2l-7.6_i386.deb,
heimdal-lib_0.2l-7.6_i386.deb,
heimdal-dev_0.2l-7.6_i386.deb
Debian 3.0 (woody)
------------------
upgrade to heimdal-kdc_0.4e-7.woody.5_i386.deb,
heimdal-servers_0.4e-7.woody.5_i386.deb,
heimdal-servers-x_0.4e-7.woody.5_i386.deb,
heimdal-clients_0.4e-7.woody.5_i386.deb,
heimdal-clients-x_0.4e-7.woody.5_i386.deb,
heimdal-dev_0.4e-7.woody.5_i386.deb,
libasn1-5-heimdal_0.4e-7.woody.5_i386.deb,
libcomerr1-heimdal_0.4e-7.woody.5_i386.deb,
libgssapi1-heimdal_0.4e-7.woody.5_i386.deb,
libhdb7-heimdal_0.4e-7.woody.5_i386.deb,
libkadm5clnt4-heimdal_0.4e-7.woody.5_i386.deb,
libkadm5srv7-heimdal_0.4e-7.woody.5_i386.deb,
libkafs0-heimdal_0.4e-7.woody.5_i386.deb,
libkrb5-17-heimdal_0.4e-7.woody.5_i386.deb,
libotp0-heimdal_0.4e-7.woody.5_i386.deb,
libroken9-heimdal_0.4e-7.woody.5_i386.deb,
libsl0-heimdal_0.4e-7.woody.5_i386.deb,
libss0-heimdal_0.4e-7.woody.5_i386.deb