Note: This is an archival copy of Security Sun Alert 201327 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001001.1.
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Resolved Release
A remote or local anonymous user may be able to kill the KDC server krb5kdc(1M) or any of the Kerberos applications, such as /usr/krb5/lib's telnetd(1M), rlogind(1M), and rshd(1M).
The KDC vulnerability is described in CERT VU#661243 "Kerberos Key Distribution Center (KDC) vulnerable to DoS via null pointer dereference" (available at http://www.kb.cert.org/vuls/id/661243).
This issue can occur in the following releases:
Note: Solaris 9 on Intel platforms is not affected.
Note: Solaris Enterprise Authentication Mechanism (SEAM) is an unbundled product for Solaris 2.6 and Solaris 7. For more information on SEAM please see the SEAM(5) man page. For Solaris 8 and Solaris 9, most of Kerberos is bundled with Solaris.
An indication of a denial of service could be that the KDC (Key Distribution Center) server process "krb5kdc" is no longer running. The other Kerberos applications listed above are automatically restarted on demand by inetd(1M) after a denial of service, making the indication less obvious.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment