Note: This is an archival copy of Security Sun Alert 201319 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000994.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A stack overflow vulnerability in the RPCSEC_GSS (see rpcsec_gss(3NSL)) security flavor used to access the Generic Security Services Application Programming Interface (GSS-API) affects the Kerberos administration daemon (kadmind(1M)). This vulnerability may allow an unauthorized remote user the ability to execute arbitrary commands on Kerberos Key Distribution Center(KDC) systems with the privileges of the kadmind(1M) daemon (usually root). This may also allow the remote user to compromise the Kerberos key database or cause the kadmind(1M) daemon to crash, which is a type of Denial of Service (DoS).
Note: Third-party applications which utilize RPCSEC_GSS may also be affected.
This issue is also referenced in the following documents:
Note: Solaris is not affected by CVE-2007-4000 mentioned in MITKRB5-SA-2007-006.
This issue can occur in the following releases:
Note: This issue only occurs if the system is configured as a Key Distribution Center (KDC).
To determine if the system is configured as a Key Distribution Center, the following command can be used:
% pgrep -l kadmind 938 kadmind
If the above command shows a process id, the daemon kadmind(1M) is running and the machine is configured as the Key Distribution Center (KDC).
There are no predictable symptoms that would indicate the described vulnerability has been exploited.
There is no workaround. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment