Category
Security
Release Phase
Resolved
Bug Id
6908114
Product
Solaris 10 Operating System
OpenSolaris
Date of Workaround Release
12-Jan-2010
Date of Resolved Release
18-Mar-2010
An integer overflow security vulnerability in the Solaris Kerberos ...
1. Impact
An integer overflow security vulnerability in the Solaris Kerberos (see kerberos(5)) crypto library
may allow an unprivileged local or remote user to cause one of the Kerberos daemons to crash, or,
under extraordinarily unlikely conditions, execute arbitrary code with elevated privileges by inducing
the decryption of an invalid AES or RC4 ciphertext. If a master or slave Key Distribution Center (KDC)
is compromised then all services relying on that KDC for authentication may be compromised as well.
This issue is also referenced in:
MIT krb5 Security Advisory 2009-004
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2009-004.txt
CVE-2009-4212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 141500-06
- OpenSolaris based upon builds snv_01 through snv_131
x86 Platform
- Solaris 10 without patch 141501-07
- OpenSolaris based upon builds snv_01 through snv_131
Note 1: Solaris 8 and Solaris 9 are not impacted by this issue.
Note 2: This issue only affects systems configured to use Kerberos. To determine
if a system is configured to use Kerberos, the following command may be run:
$ test -f /etc/krb5/krb5.conf && grep default_realm /etc/krb5/krb5.conf \
|| echo "System is not configured to use Kerberos."
If there is no krb5.conf(4) Kerberos configuration file or if the output of the above
command is as follows:
default_realm = ___default_realm___
then the system is not configured to use Kerberos.
Note 3: OpenSolaris distributions may include additional bug fixes above and beyond
the build from which it was derived. The base build can be derived as follows:
$ uname -v
snv_101
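
The Kerberos configuration check in Note 2 and the Solaris 10 patch levels listed above can be combined into a single triage step. The following is an added example, not part of the original alert: the function names are hypothetical, and it assumes POSIX sed and awk (on Solaris 10, the versions in /usr/xpg4/bin) and a patch listing with one "Patch: NNNNNN-RR ..." entry per line, as printed by showrev -p.

```shell
# Added example (not from the original alert); function names are hypothetical.

# kerberos_configured FILE
# Succeeds only if FILE exists and default_realm is set to something other
# than the shipped placeholder ___default_realm___ (see Note 2).
kerberos_configured() {
    conf=$1
    [ -f "$conf" ] || return 1
    # Value of the first uncommented default_realm assignment.
    realm=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$conf" | head -n 1)
    [ -n "$realm" ] && [ "$realm" != "___default_realm___" ]
}

# patch_at_least BASE MINREV
# Reads a patch listing on stdin and succeeds if any installed revision of
# patch BASE is MINREV or later (revisions are compared numerically).
patch_at_least() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 >= min + 0) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# triage CONF BASE MINREV   (patch listing on stdin)
# Prints one of: not-configured, patched, vulnerable.
triage() {
    if ! kerberos_configured "$1"; then
        echo "not-configured"
    elif patch_at_least "$2" "$3"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Usage on a live Solaris 10 system:
#   SPARC: showrev -p | triage /etc/krb5/krb5.conf 141500 06
#   x86:   showrev -p | triage /etc/krb5/krb5.conf 141501 07
```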
3. Symptoms
There are no predictable symptoms that would indicate the described issue
has been exploited to execute arbitrary code or to corrupt the heap. If the
described issue has been exploited to cause a Denial of Service (DoS), the
symptoms will depend on which Kerberos component has been impacted.
4. Workaround
There is no workaround. Please see Resolution section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 141500-06 or later
- OpenSolaris based upon builds snv_132
x86 Platform
- Solaris 10 with patch 141501-07 or later
- OpenSolaris based upon builds snv_132
Modification History
18-Mar-2010: Updated Contributing Factors, Workaround and Resolution sections. Now Resolved.
References
141500-06
141501-07