Note: This is an archival copy of Security Sun Alert 201582 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001187.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 8 Operating System Bug Id 6209960 Date of Workaround Release 22-DEC-2004 Date of Resolved Release 02-MAR-2005 Impact Due to a heap buffer overflow, an authenticated user (not necessarily one with administrative privileges), could execute arbitrary code on the Kerberos Key Distribution Center (KDC) host, compromising an entire Kerberos realm. This issue is described in the following documents: MIT krb5 Security Advisory at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt CVE CAN-2004-1189 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Notes:
This issue may occur if the machine is configured as the Key Distribution Center (KDC). To verify this, the following command can be run: % ps -ef | grep kadmin root 321 1 0 Dec 10 ? 0:00 /usr/krb5/lib/kadmind If the above command shows that the daemon kadmind(1M) is running, then the machine is configured as the Key Distribution Center (KDC). Symptoms There are no predictable symptoms that would indicate the described issue has been exploited. Workaround It is advised that the history count is NOT decreased on any policy in the Kerberos realm. If the count has been decreased, it is advised to change it back to the previous higher value. (Kerberos password history count is the number of previous passwords that have been used by the principal that cannot be used). To administer Kerberos, use kadmin(1M). To get the current history count, the following command can be run at the kadmin(1M) prompt: kadmin: get_policy <name of the policy> Policy: ... ... Number of old keys kept: 3 ... Here, the history count is the number of "old keys" kept. If the history count is changed from a higher number to the (current) lower number, change it back to the previous higher number. This can be done by running the following command at the kadmin(1M) prompt: kadmin: modify_policy -history <number> default Please refer to kadmin(1M) man pages for further details. Resolution This issue is resolved in the following releases: SPARC Platform
x86 Platform
Modification History Date: 02-MAR-2005
Date: 25-FEB-2005
References112921-06110061-15 110060-16 116046-06 Attachments This solution has no attachment |
|