Note: This is an archival copy of Security Sun Alert 244866 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019733.1.
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in the management of Solaris Kerberos (see kerberos(5)) credential renewal:
A security vulnerability in the management of Solaris Kerberos (see kerberos(5)) credential renewal may allow a local unprivileged user to prevent other users from authenticating to the Kerberos server. This is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
% grep default_realm /etc/krb5/krb5.conf
If the above command returns the following data, then your system is NOT configured for Kerberos:
# default_realm = ___default_realm___
Note 2: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
3. Symptoms
This issue exists on all systems utilizing Kerberos. If the described issue occurs, the following error message will be seen:
Credentials cache file permissions incorrect when initializing cache
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
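The configuration check from Contributing Factors and the error message from Symptoms, combined into a shell example for triaging hosts; it is added here and is not part of the Sun Alert. The function names, the sample files, and the rule that only an uncommented, non-placeholder default_realm counts as configured are assumptions.

```shell
#!/bin/sh
# Added example, not from the Sun Alert.
# Assumption: a host is "configured for Kerberos" only when krb5.conf has an
# uncommented default_realm whose value is not the shipped placeholder.
PLACEHOLDER='___default_realm___'
SYMPTOM='Credentials cache file permissions incorrect when initializing cache'

# krb5_default_realm FILE: print the active default_realm.
# Returns 0 if a real realm is set, 1 if not configured, 2 if FILE is unreadable.
krb5_default_realm() {
    [ -r "$1" ] || return 2
    # Commented lines start with '#' and therefore never match this pattern.
    realm=$(sed -n \
        -e 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        "$1" | head -n 1)
    [ -n "$realm" ] && [ "$realm" != "$PLACEHOLDER" ] || return 1
    printf '%s\n' "$realm"
}

# count_symptom FILE: print how many lines carry the advisory's error message.
count_symptom() {
    grep -c -F -- "$SYMPTOM" "$1" || :
}

# Constructed sample input (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '[libdefaults]\n# default_realm = %s\n' "$PLACEHOLDER" > "$tmp/unconfigured.conf"
printf '[libdefaults]\n\tdefault_realm = EXAMPLE.COM  # site realm\n' > "$tmp/configured.conf"
printf 'constructed-line: %s\nconstructed-line: ok\n' "$SYMPTOM" > "$tmp/session.log"

for f in "$tmp/unconfigured.conf" "$tmp/configured.conf"; do
    if r=$(krb5_default_realm "$f"); then
        echo "$f: configured for Kerberos, realm $r"
    else
        echo "$f: not configured for Kerberos"
    fi
done
echo "symptom lines in sample log: $(count_symptom "$tmp/session.log")"
```

On a real host, pass /etc/krb5/krb5.conf to krb5_default_realm and a saved session or log file to count_symptom.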
This issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.