
[linux-security] multiple vulnerabilities in kerberos software



Topic
=====
Multiple vulnerabilities in Kerberos software can result in remote compromises
and DoS attacks.

Problem Description
===================
Kerberos is a network authentication system. The MIT Kerberos team
released an advisory describing a number of vulnerabilities.

An integer signedness error in the ASN.1 decoder before version 1.2.5
allows remote attackers to cause a denial of service (crash) via a large
unsigned data element length, which is later used as a negative value. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0036 to this issue.
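
The signedness error described above, reduced to a DER length check, as an added example (not MIT Kerberos code). Function names and sample buffers are constructed for illustration, and the flawed variant assumes the usual two's-complement result when an out-of-range value is converted to int.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a DER length field into *out; returns octets consumed, 0 on error. */
static size_t der_read_len(const uint8_t *p, size_t avail, uint32_t *out)
{
    if (avail == 0) return 0;
    if (p[0] < 0x80) { *out = p[0]; return 1; }   /* short form */
    size_t n = p[0] & 0x7f;                       /* long form: n length octets */
    if (n == 0 || n > 4 || n + 1 > avail) return 0;
    uint32_t v = 0;
    for (size_t i = 1; i <= n; i++) v = (v << 8) | p[i];
    *out = v;
    return n + 1;
}

/* Flawed pattern: the length is held in a signed int, so 0xFFFFFFF0 becomes
 * -16 and passes the "too long" check. Returns 1 if the element is accepted. */
int accept_signed(const uint8_t *buf, size_t buflen)
{
    uint32_t raw;
    if (buflen < 2) return 0;
    size_t used = der_read_len(buf + 1, buflen - 1, &raw);
    if (used == 0) return 0;
    int len = (int)raw;                           /* signedness error */
    int remaining = (int)(buflen - 1 - used);
    return len <= remaining;                      /* negative len always passes */
}

/* Hardened: keep the length unsigned and compare it with the bytes left. */
int accept_unsigned(const uint8_t *buf, size_t buflen)
{
    uint32_t raw;
    if (buflen < 2) return 0;
    size_t used = der_read_len(buf + 1, buflen - 1, &raw);
    if (used == 0) return 0;
    return (size_t)raw <= buflen - 1 - used;
}

/* Constructed samples: OCTET STRING tag 0x04 followed by a length field. */
static const uint8_t huge_len[] = { 0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xF0, 0x41, 0x42 };
static const uint8_t good_len[] = { 0x04, 0x02, 0x41, 0x42 };

int main(void)
{
    printf("oversized length: flawed=%d hardened=%d\n",
           accept_signed(huge_len, sizeof huge_len), accept_unsigned(huge_len, sizeof huge_len));
    return 0;
}
```
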

The Key Distribution Center (KDC) before version 1.2.5 allows remote,
authenticated attackers to cause a denial of service (crash) on KDCs within
the same realm using a certain protocol request that causes a null
dereference (CAN-2003-0058).

The Key Distribution Center (KDC) allows remote, authenticated attackers to
cause a denial of service (crash) on KDCs within the same realm using a
certain protocol request that causes an out-of-bounds read of an array
(CAN-2003-0072).

The Key Distribution Center (KDC) allows remote, authenticated attackers
to cause a denial of service (crash) on KDCs within the same realm using a
certain protocol request that causes the KDC to corrupt its heap
(CAN-2003-0082).

A vulnerability in Kerberos before version 1.2.3 allows users from one
realm to impersonate users in other realms that have the same inter-realm
keys (CAN-2003-0059).

The MIT advisory for these issues also mentions format string
vulnerabilities in the logging routines (CAN-2003-0060).

Vulnerabilities have been found in the support for triple-DES keys in the
implementation of the Kerberos IV authentication protocol which is included
in MIT Kerberos (CAN-2003-0139).
  
Vulnerabilities have been found in the Kerberos IV authentication protocol
which allow an attacker with knowledge of a cross-realm key, which is
shared with another realm, to impersonate any principal in that realm to
any service in that realm. This vulnerability can only be closed by
disabling cross-realm authentication in Kerberos IV (CAN-2003-0138).

Vulnerabilities have been found in the RPC library used by the kadmin
service in Kerberos 5. A faulty length check in the RPC library exposes
kadmind to an integer overflow which can be used to crash kadmind.

Affected Versions
=================
All MIT Kerberos versions before release 1.3

Solution
========
Upgrade to release 1.3 of MIT krb5 (not yet released)
or to the patched version for your distribution.

RedHat 6.2
----------
rpm -Fvh krb5-configs-1.1.1-40.i386.rpm \
         krb5-devel-1.1.1-40.i386.rpm \
         krb5-libs-1.1.1-40.i386.rpm \
         krb5-server-1.1.1-40.i386.rpm \
         krb5-workstation-1.1.1-40.i386.rpm

RedHat 7.0, 7.1, 7.2
--------------------
rpm -Fvh krb5-devel-1.2.2-24.i386.rpm \
         krb5-libs-1.2.2-24.i386.rpm \
         krb5-server-1.2.2-24.i386.rpm \
         krb5-workstation-1.2.2-24.i386.rpm

RedHat 7.3
----------
rpm -Fvh krb5-devel-1.2.4-11.i386.rpm \
         krb5-libs-1.2.4-11.i386.rpm \
         krb5-server-1.2.4-11.i386.rpm \
         krb5-workstation-1.2.4-11.i386.rpm

RedHat 8.0
----------
rpm -Fvh krb5-devel-1.2.5-15.i386.rpm \
         krb5-libs-1.2.5-15.i386.rpm \
         krb5-server-1.2.5-15.i386.rpm \
         krb5-workstation-1.2.5-15.i386.rpm

RedHat 9
--------
rpm -Fvh krb5-devel-1.2.7-14.i386.rpm \
         krb5-libs-1.2.7-14.i386.rpm \
         krb5-server-1.2.7-14.i386.rpm \
         krb5-workstation-1.2.7-14.i386.rpm

Mandrake 8.2
------------
rpm -Fvh ftp-client-krb5-1.2.2-17.5mdk.i586.rpm \
         ftp-server-krb5-1.2.2-17.5mdk.i586.rpm \
         krb5-devel-1.2.2-17.5mdk.i586.rpm \
         krb5-libs-1.2.2-17.5mdk.i586.rpm \
         krb5-server-1.2.2-17.5mdk.i586.rpm \
         krb5-workstation-1.2.2-17.5mdk.i586.rpm \
         telnet-client-krb5-1.2.2-17.5mdk.i586.rpm \
         telnet-server-krb5-1.2.2-17.5mdk.i586.rpm

Mandrake 9.1
------------
rpm -Fvh ftp-client-krb5-1.2.5-1.4mdk.i586.rpm \
         ftp-server-krb5-1.2.5-1.4mdk.i586.rpm \
         krb5-devel-1.2.5-1.4mdk.i586.rpm \
         krb5-libs-1.2.5-1.4mdk.i586.rpm \
         krb5-server-1.2.5-1.4mdk.i586.rpm \
         krb5-workstation-1.2.5-1.4mdk.i586.rpm \
         telnet-client-krb5-1.2.5-1.4mdk.i586.rpm \
         telnet-server-krb5-1.2.5-1.4mdk.i586.rpm


Mandrake 9.1
------------
rpm -Fvh ftp-client-krb5-1.2.5-1.1mdk.i586.rpm \
         ftp-server-krb5-1.2.5-1.1mdk.i586.rpm \
         krb5-devel-1.2.5-1.1mdk.i586.rpm \
         krb5-libs-1.2.5-1.1mdk.i586.rpm \
         krb5-server-1.2.5-1.1mdk.i586.rpm \
         krb5-workstation-1.2.5-1.1mdk.i586.rpm \
         telnet-client-krb5-1.2.5-1.1mdk.i586.rpm \
         telnet-server-krb5-1.2.5-1.1mdk.i586.rpm

Debian 2.2 (potato)
-------------------
upgrade to kerberos4kth-clients_1.0-2.3_i386.deb,
           kerberos4kth-dev_1.0-2.3_i386.deb,
           kerberos4kth-kdc_1.0-2.3_i386.deb,
           kerberos4kth-services_1.0-2.3_i386.deb,
           kerberos4kth-user_1.0-2.3_i386.deb,
           kerberos4kth-x11_1.0-2.3_i386.deb,
           kerberos4kth1_1.0-2.3_i386.deb

Debian 3.0 (woody)
------------------
upgrade to kerberos4kth-docs_1.1-8-2.3_all.deb,
           kerberos4kth-services_1.1-8-2.3_all.deb,
           kerberos4kth-user_1.1-8-2.3_all.deb,
           kerberos4kth-x11_1.1-8-2.3_all.deb,
           kerberos4kth1_1.1-8-2.3_all.deb,
           kerberos4kth-clients_1.1-8-2.3_i386.deb,
           kerberos4kth-clients-x_1.1-8-2.3_i386.deb,
           kerberos4kth-dev_1.1-8-2.3_i386.deb,
           kerberos4kth-dev-common_1.1-8-2.3_i386.deb,
           kerberos4kth-kdc_1.1-8-2.3_i386.deb,
           kerberos4kth-kip_1.1-8-2.3_i386.deb,
           kerberos4kth-servers_1.1-8-2.3_i386.deb,
           kerberos4kth-servers-x_1.1-8-2.3_i386.deb,
           libacl1-kerberos4kth_1.1-8-2.3_i386.deb,
           libkadm1-kerberos4kth_1.1-8-2.3_i386.deb,
           libkdb-1-kerberos4kth_1.1-8-2.3_i386.deb,
           libkrb-1-kerberos4kth_1.1-8-2.3_i386.deb,
           krb5-doc_1.2.4-5woody4_all.deb,
           krb5-admin-server_1.2.4-5woody4_i386.deb,
           krb5-clients_1.2.4-5woody4_i386.deb,
           krb5-ftpd_1.2.4-5woody4_i386.deb,
           krb5-kdc_1.2.4-5woody4_i386.deb,
           krb5-rsh-server_1.2.4-5woody4_i386.deb,
           krb5-telnetd_1.2.4-5woody4_i386.deb,
           krb5-user_1.2.4-5woody4_i386.deb,
           libkadm55_1.2.4-5woody4_i386.deb,
           libkrb5-dev_1.2.4-5woody4_i386.deb,
           libkrb53_1.2.4-5woody4_i386.deb,
           heimdal-docs_0.4e-7.woody.6_all.deb,
           heimdal-lib_0.4e-7.woody.6_all.deb,
           heimdal-clients_0.4e-7.woody.6_i386.deb,
           heimdal-clients-x_0.4e-7.woody.6_i386.deb,
           heimdal-dev_0.4e-7.woody.6_i386.deb,
           heimdal-kdc_0.4e-7.woody.6_i386.deb,
           heimdal-servers_0.4e-7.woody.6_i386.deb,
           heimdal-servers-x_0.4e-7.woody.6_i386.deb,
           libasn1-5-heimdal_0.4e-7.woody.6_i386.deb,
           libcomerr1-heimdal_0.4e-7.woody.6_i386.deb,
           libgssapi1-heimdal_0.4e-7.woody.6_i386.deb,
           libhdb7-heimdal_0.4e-7.woody.6_i386.deb,
           libkadm5clnt4-heimdal_0.4e-7.woody.6_i386.deb,
           libkadm5srv7-heimdal_0.4e-7.woody.6_i386.deb,
           libkafs0-heimdal_0.4e-7.woody.6_i386.deb,
           libkrb5-17-heimdal_0.4e-7.woody.6_i386.deb,
           libotp0-heimdal_0.4e-7.woody.6_i386.deb,
           libroken9-heimdal_0.4e-7.woody.6_i386.deb,
           libsl0-heimdal_0.4e-7.woody.6_i386.deb,
           libss0-heimdal_0.4e-7.woody.6_i386.deb