Note: This is an archival copy of Security Sun Alert 252767 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020129.1.
Sun Enterprise Authentication Mechanism 1.0.1
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
A Security Vulnerability in the Solaris Kerberos PAM Module May Allow Use of a User Specified Kerberos Configuration File, Leading to Escalation of Privileges
A security vulnerability in the Solaris Kerberos (see kerberos(5)) pam_krb5(5) PAM module may allow a user supplied Kerberos configuration file to be used to specify realm and KDC server information, thereby allowing certain remote unprivileged users or applications to gain elevated privileges.
Sun acknowledges with thanks, Russ Allbery and Steven Luo for bringing this issue to our attention.
This issue is also described in the following documents:
CVE-2009-0360 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0360
CVE-2009-0361 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0361
2. Contributing Factors
This issue can occur in the following releases:
$ uname -vNote: This issue could affect all systems utilizing Kerberos via /etc/pam.conf. To determine if your system is using Kerberos thru the pam stack, the following command can be run:
$ grep pam_krb5 /etc/pam.conf | grep -v #If any lines are returned after running this command, then the system is exposed to this vulnerability. Example:
$ grep pam_krb5 /etc/pam.conf | grep -v #
There are no predictable symptoms to indicate this issue has been exploited to gain elevated privileges.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
05-Mar-2009: Updated Workaround section
10-Mar-2009: Updated Workaround section for IDRs
25-Mar-2009: Updated Contributing Factors and Resolution sections; issue is Resolved
21-May-2009: Updated Contributing Factors section for clarifications
This solution has no attachment