Note: This is an archival copy of Security Sun Alert 200225 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000176.1.
Solaris 9 Operating System
Solaris 10 Operating System
Sun Enterprise Authentication Mechanism 1.0
Solaris 7 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
An unprivileged (either authenticated or unauthenticated) remote user may be able to execute arbitrary code with elevated privileges on Kerberos systems due to a double-free error in the krb5_recvauth() library routine. The privileges attained would depend on the affected program that utilizes the krb5_recvauth() routine; some affected applications such as kpropd() run with root privileges on slave Key Distribution Center (KDC) hosts, which means its potentially possible to compromise an entire Kerberos realm.
This issue is described in MIT krb5 Security Advisory 2005-003 available at
This issue is also referenced in the following documents:
CAN-2005-1689 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689
CERT VU#623332 at http://www.kb.cert.org/vuls/id/623332.
This issue can occur in the following releases:
To determine if a system is configured to utilize Kerberos, the following command can be run:
$ grep default_realm /etc/krb5/krb5.conf | grep -v ___default_realm___
If the command returns no output or the "krb5.conf" file is not found, then the system is not configured for Kerberos.
To determine if SEAM has been installed, the following command can be run:
$ pkginfo SUNWkr5sv
If the SUNWkr5sv package is present, SEAM is installed on the system.
There are no reliable symptoms that would indicate the described issues have been exploited to execute arbitrary commands as root on a Kerberos host.
There is no workaround for this issue. Please see the Resoltuion section.
This issue is addressed in the following releases:
This solution has no attachment