Note: This is an archival copy of Security Sun Alert 200906 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000693.1.
Category: Security
Release Phase: Resolved
Solaris 9 Operating System
Bug Id: 4865664, 5063407
Date of Workaround Release: 31-AUG-2004
Date of Resolved Release: 01-SEP-2004

Impact

1. An unprivileged (either authenticated or unauthenticated) remote user may be able to execute arbitrary code with "root" privileges on Kerberos Key Distribution Center (KDC) systems and thus compromise an entire Kerberos realm.

2. An unprivileged authenticated local or remote user may be able to execute arbitrary code with root privileges on Kerberos enabled systems due to double free vulnerabilities in the Kerberos V5 libraries.

3. An unprivileged (either authenticated or unauthenticated) remote user may be able to cause the KDC daemon (krb5kdc(1M)) or a Kerberos application to hang.

4. A privileged remote user who impersonates a legitimate KDC or Kerberos application server may be able to execute arbitrary code with "root" privileges on a Kerberos client while that client is authenticating.

These issues are described in the MIT krb5 Security Advisories:

    MIT krb5 Security Advisory 2004-002 at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt
    MIT krb5 Security Advisory 2004-003 at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt

These issues are also referenced in:

    CAN-2004-0642 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642
    CAN-2004-0643 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643
    CAN-2004-0644 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644

and CERT Vulnerability Notes:

    VU#550464 at http://www.kb.cert.org/vuls/id/550464
    VU#866472 at http://www.kb.cert.org/vuls/id/866472
    VU#795632 at http://www.kb.cert.org/vuls/id/795632

Contributing Factors

These issues can occur in the following releases:

SPARC Platform
x86 Platform
Notes:

1. Systems running Solaris Enterprise Authentication Mechanism (SEAM) 1.0.2 for Solaris 9 are impacted by this issue, as SEAM 1.0.2 uses the affected Kerberos libraries delivered in Solaris 9.

2. Solaris 8, SEAM 1.0 (for Solaris 7) and SEAM 1.0.1 (for Solaris 8) are not impacted by this issue.

3. Only systems configured to utilize Kerberos are affected by these issues. To determine if a system is configured to utilize Kerberos, run the following command:

    $ grep default_realm /etc/krb5/krb5.conf | grep -v ___default_realm___

If the command returns no output or the "krb5.conf" file is not found, then the system is not configured for Kerberos.

4. Two of the listed impacts relate to the Kerberos Key Distribution Center (KDC). Systems are only vulnerable to these two issues if the Kerberos configured system has been configured as a KDC host. To check whether the KDC daemon (see krb5kdc(1M)) is running, run the following command:

    $ pgrep krb5kdc || echo "krb5kdc(1M) daemon is NOT running"

If this returns a process ID, then the system is configured as a KDC host. If this returns the message "krb5kdc(1M) daemon is NOT running", then the KDC is not running.

Symptoms

"Kerberized" applications or services (such as the SEAM applications shipped in "/usr/krb5/bin" and "/usr/krb5/lib") may hang and stop responding to requests.

There are no reliable symptoms that would indicate the described issues have been exploited to execute arbitrary commands as "root" on a Kerberos host.

Workaround

There is no workaround for this issue. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
Note: Although this issue is shown to be resolved in patch release 112908-15 (see patch README), that patch revision has been obsoleted and is no longer available for download. Please use 112908-16 or later.

Modification History

Date: 28-SEP-2004

Date: 24-SEP-2004

Date: 01-SEP-2004
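The two checks from the Notes section and the patch revision requirement from the Resolution note can be combined into one repeatable triage. The following shell helper is an added example and is not part of the Sun Alert; it assumes the krb5.conf path, the krb5kdc(1M) running state and a saved copy of `showrev -p` output are passed in as arguments (so it can be exercised offline against constructed samples), and it assumes the `showrev -p` line format and that patch 112908 is the relevant patch for the host being checked.

```shell
#!/bin/sh
# Added triage helper, not from the Sun Alert. Inputs are passed in explicitly
# so the logic can be run offline; on a live host you would pass
# /etc/krb5/krb5.conf, "$(pgrep krb5kdc >/dev/null && echo yes || echo no)"
# and a file holding `showrev -p` output (line format is an assumption).

# kerberos_configured CONF -> yes|no, using the advisory's default_realm check
kerberos_configured() {
    [ -f "$1" ] || { echo no; return 0; }
    if grep default_realm "$1" | grep -v ___default_realm___ >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# patch_ok SHOWREV -> yes if patch 112908 revision 16 or later is installed
patch_ok() {
    best=0
    for rev in $(sed -n 's/^Patch: 112908-\([0-9][0-9]*\).*/\1/p' "$1"); do
        [ "$rev" -gt "$best" ] && best=$rev
    done
    [ "$best" -ge 16 ] && echo yes || echo no
}

# exposure CONF KDC_RUNNING SHOWREV -> not-configured|patched|client-exposed|kdc-exposed
exposure() {
    [ "$(kerberos_configured "$1")" = yes ] || { echo not-configured; return 0; }
    [ "$(patch_ok "$3")" = no ] || { echo patched; return 0; }
    [ "$2" = yes ] && echo kdc-exposed || echo client-exposed
}

# Constructed sample inputs (no real hosts) for a stand-alone run.
TMP=$(mktemp -d)
printf '[libdefaults]\n\tdefault_realm = EXAMPLE.COM\n' > "$TMP/krb5.conf"
printf '[libdefaults]\n\tdefault_realm = ___default_realm___\n' > "$TMP/template.conf"
printf 'Patch: 112908-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWkrbu\n' > "$TMP/old.showrev"
printf 'Patch: 112908-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWkrbu\nPatch: 112908-16 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWkrbu\n' > "$TMP/new.showrev"

exposure "$TMP/krb5.conf" yes "$TMP/old.showrev"     # kdc-exposed
exposure "$TMP/krb5.conf" no "$TMP/new.showrev"      # patched
exposure "$TMP/template.conf" no "$TMP/old.showrev"  # not-configured
```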
Attachments

This solution has no attachment