Note: This is an archival copy of Security Sun Alert 249926 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019965.1.
Solaris 10 Operating System
Date of Resolved Release
A Security Vulnerability in Kerberos Incremental Propagation May Lead to a Denial of Service (DoS) Against Slave KDC Systems
A security vulnerability in Solaris Kerberos (see kerberos(5)) may allow an unauthenticated remote user who can reach a master Key Distribution Center (KDC) server to prevent incremental propagation requests from reaching slave KDC servers. This is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
% svcs -a | grep krb5_prop

If the output from this command states that the service is online, then the system is configured as a slave KDC.
This issue exists on any system acting as a slave KDC. A lack of incremental propagation messages in /var/krb5/kdc.log on the master indicates that propagation to the slave system is not occurring.
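The two checks the alert describes (is this host a slave KDC, and is the master still logging incremental propagation) as a small POSIX shell script. This is an added example, not part of Sun Alert 249926 or of Solaris; the `svcs` line and the kdc.log excerpt are constructed sample data so it runs offline, and the "iprop" match pattern is an assumption about how the master words its propagation messages, to be adjusted to what your kdc.log actually contains.

```shell
#!/bin/sh
# Added example, not from the Sun Alert: helpers for the two indicators
# the advisory names.  On a real host feed them the output of `svcs -a`
# (on the slave) and the contents of /var/krb5/kdc.log (on the master).

# Constructed sample `svcs -a` lines (STATE STIME FMRI) for the kprop service.
SAMPLE_SVCS_ONLINE='online         Nov_15   svc:/network/security/krb5_prop:default'
SAMPLE_SVCS_DISABLED='disabled       Nov_15   svc:/network/security/krb5_prop:default'

# Constructed kdc.log excerpt; the message wording is assumed, not copied
# from a real Solaris log.
SAMPLE_KDC_LOG='Nov 15 10:00:01 kdc1 krb5kdc[1234](info): AS_REQ (1 etypes {23}) 192.0.2.10: ISSUE: authtime 1258279201, user@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Nov 15 10:00:30 kdc1 kadmind[1240](Notice): iprop update to kdc2.example.com succeeded
Nov 15 10:05:30 kdc1 kadmind[1240](Notice): iprop update to kdc2.example.com succeeded'

# is_slave_kdc SVCS_OUTPUT
# Exit 0 when the krb5_prop service is reported online, which per the
# advisory means the host is configured as a slave KDC.
is_slave_kdc() {
    printf '%s\n' "$1" |
        awk '$NF ~ /krb5_prop/ && $1 == "online" { found = 1 } END { exit !found }'
}

# count_iprop_messages KDC_LOG_TEXT
# Print the number of incremental-propagation messages in the text.  A
# master that keeps answering AS/TGS requests but whose count stops
# growing shows the symptom the advisory describes.
count_iprop_messages() {
    printf '%s\n' "$1" | awk '/iprop/ { n++ } END { print n + 0 }'
}

# Stand-alone run against the constructed samples.
if is_slave_kdc "$SAMPLE_SVCS_ONLINE"; then
    echo "sample host: slave KDC (krb5_prop online)"
fi
echo "iprop messages in sample log: $(count_iprop_messages "$SAMPLE_KDC_LOG")"
```

Run it periodically on the master and compare successive counts; a count that stays flat while the KDC is otherwise busy is the signal to look at the slave's kpropd and the master's kdc.log more closely.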
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.