Note: This is an archival copy of Security Sun Alert 228409 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017350.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A security vulnerability in the kadm5 library shipped with Solaris may allow a remote authenticated user to command a host running kadmind(1M) and execute arbitrary code with the privileges of the kadmind process (usually 'root'). This issue affects systems configured as Kerberos Key Distribution Centers (KDCs).
In addition, this issue may allow the remote user to compromise the Kerberos key database or cause the affected program to crash, resulting in a Denial of Service (DoS).
This issue is also described in the following documents:
MIT krb5 Security Advisory 2007-002 at
This issue can occur in the following releases:
Note: This issue can only occur if the system is configured as a Kerberos Key Distribution Center (KDC).
To determine if a system is configured as a KDC, the following command can be run:
% ps -ef | grep kadmin
root 321 1 0 Dec 10 ? 0:00 /usr/krb5/lib/kadmind
If the above command shows that the kadmind(1M) daemon is running, then the machine is configured as a KDC and is vulnerable.
There are no predictable symptoms that would indicate this issue has been exploited to execute arbitrary code with elevated privileges on a system.
While it is possible to disable kadmind(1M), this would take down all administrative functionality of the Kerberos environment. The Kerberos realm itself would remain usable while kadmind is down.
This issue is addressed in the following releases:
Note: When SEAM 1.0.1 is run on a Solaris 8 system, both the SEAM 1.0.1 and Solaris 8 patches listed above should be installed to resolve this issue.