Note: This is an archival copy of Security Sun Alert 201327 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001001.1.
Article ID : 1001001.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-01-16
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Several Kerberos Applications are Vulnerable to a Denial of Service

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4691352

Date of Resolved Release
23-JAN-2003

Impact

A remote or local anonymous user may be able to kill the KDC server krb5kdc(1M) or any of the Kerberos applications, such as /usr/krb5/lib's telnetd(1M), rlogind(1M), and rshd(1M).

The KDC vulnerability is described in CERT VU#661243 "Kerberos Key Distribution Center (KDC) vulnerable to DoS via null pointer dereference" (available at http://www.kb.cert.org/vuls/id/661243).


Contributing Factors

This issue can occur in the following releases:

SPARC

  • SEAM 1.0 for Solaris 2.6 without patch 112534-02
  • SEAM 1.0 for Solaris 7 without patch 112536-02
  • Solaris 8 without patch 112237-07 (global) or 112390-07 (domestic)
  • Solaris 9 without patch 112908-04

Intel

  • SEAM 1.0 for Solaris 2.6 without patch 112535-02
  • SEAM 1.0 for Solaris 7 without patch 112537-03
  • Solaris 8 without patch 112238-06 (global) or 112240-06 (domestic)

Note: Solaris 9 on Intel platforms is not affected.

Note: Solaris Enterprise Authentication Mechanism (SEAM) is an unbundled product for Solaris 2.6 and Solaris 7. For more information on SEAM please see the SEAM(5) man page. For Solaris 8 and Solaris 9, most of Kerberos is bundled with Solaris.


Symptoms

An indication of a denial of service could be that the KDC (Key Distribution Center) server process "krb5kdc" is no longer running. The other Kerberos applications listed above are automatically restarted on demand by inetd(1M) after a denial of service, making the indication less obvious.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC

  • SEAM 1.0 for Solaris 2.6 with patch 112534-02 or later
  • SEAM 1.0 for Solaris 7 with patch 112536-02 or later
  • Solaris 8 with patch 112237-07 (global) or later
  • Solaris 8 with patch 112390-07 (domestic) or later
  • Solaris 9 with patch 112908-04 or later

Intel

  • SEAM 1.0 for Solaris 2.6 with patch 112535-02 or later
  • SEAM 1.0 for Solaris 7 with patch 112537-03 or later
  • Solaris 8 with patch 112238-06 (global) or later
  • Solaris 8 with patch 112240-06 (domestic) or later


Modification History

References
 112534-02

 112535-02

 112536-02

 112537-03

 112237-07

 112238-06

 112390-07

 112908-04

 112240-06



                                                                                           


Attachments
This solution has no attachment