Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 14842 - app-crypt/mit-krb5
Summary: app-crypt/mit-krb5
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: x86 Linux
: Highest critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-01-31 07:52 UTC by Daniel Ahlberg (RETIRED)
Modified: 2003-02-05 04:27 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Ahlberg (RETIRED) gentoo-dev 2003-01-31 07:52:14 UTC
MITKRB5-SA-2003-001: Multiple vulnerabilities in old releases of MIT Kerberos 
 
From:  
Ken Raeburn <raeburn@MIT.EDU> 
 
 
To:  
kerberos-announce@MIT.EDU 
 
 
Date:  
Tuesday 22.58.13 
 
 
-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA1 
 
 
 
            MIT krb5 Security Advisory 2003-001 
 
Original Release Date: 2003-01-28 
 
Topic: Multiple vulnerabilities in old releases of MIT Kerberos 
 
Severity: CRITICAL: Remote user can crash KDC, and may be able to 
          forge non-local identities and compromise the KDC or 
          application servers. 
 
SUMMARY 
======= 
 
Multiple vulnerabilities have been found in MIT Kerberos 5 releases 
prior to release 1.2.5.  MIT recommends updating to 1.2.7 if possible. 
 
IMPACT 
====== 
 
* A remote user can crash the KDC. 
 
* A user authenticated in a remote realm may be able to claim to be 
  other non-local users to an application server. 
 
* It may be possible for a user to gain access to the KDC system and 
  database. 
 
AFFECTED SOFTWARE 
================= 
 
* All releases of MIT Kerberos 5 before 1.2.5. 
 
FIX 
=== 
 
MIT recommends updating to release 1.2.5 or later, preferably to the 
latest release.  Patches specifically to fix these problems are not 
available at this time. 
 
This announcement and related security advisories may be found on the 
MIT Kerberos security advisory page at: 
 
        http://web.mit.edu/kerberos/www/advisories/index.html 
 
The main MIT Kerberos web page is at: 
 
        http://web.mit.edu/kerberos/www/index.html 
 
ACKNOWLEDGMENTS 
=============== 
 
Thanks to greg pryzby, Joseph Sokol-Margolis, Gerald Britton, E. Larry 
Lidz, and CERT for reporting these problems. 
 
DETAILS 
======= 
 
Problem 1: KDC null pointer dereferences 
________________________________________ 
 
Certain protocol requests, compliant with the protocol encoding scheme 
but indicative of a client system most likely configured incorrectly, 
can crash a KDC with a null pointer dereference.  We do not believe 
any exploit to gain access to the KDC or otherwise alter its behavior 
is possible on systems without storage mapped at address zero.  We 
have not explored the effects of this on a system with mapped memory 
at address zero. 
 
The fallback and retransmit algorithm used in the MIT krb5 library 
will cause an application not receiving a reply from a KDC to try 
other KDCs in the same realm; it will iterate through this list a few 
times, or until it gets a response.  Thus, one client may take down 
multiple KDCs. 
 
We believe this vulnerability is limited to the TGS-REQ exchange, that 
is, cases where the user has already authenticated to the KDC or one 
with which it shares inter-realm keys.  So (ignoring cases of 
well-known passwords) there is an audit trail of sorts, even if it has 
to be dug out of a core file, and it is not a simple, scriptable 
attack against KDCs in general. 
 
Workarounds: 
 
 - Start your KDC from inittab or a loop in a shell script.  (The 
   inittab approach may not work well if the KDC is crashed too often 
   in a short span of time.) 
 
Thanks to greg pryzby <GregPryzby@aol.com> for reporting this problem. 
 
Problem 2: realm transit checks 
_______________________________ 
 
Realms with shared keys can impersonate people in other non-local 
realms in certain cases.  It may be exploitable in various ways if 
non-local principal names are on critical ACLs. 
 
This vulnerability affects both the KDC and Kerberos application 
servers. 
 
This problem was fixed in the 1.2.3 release.  That release also added 
a flag to the KDC config file that can be set to refuse untrusted 
cross-realm authentication, in case application servers cannot be 
updated quickly enough.  This is not recommended as a long-term 
solution, because the current model we use says that the application 
server is responsible for doing this validation, which allows (for 
example) a service on a specific machine (perhaps one set up for 
software testing) to be configured to know about authentication paths 
known to the maintainer of the service, even if the maintainer of the 
KDC does not trust these paths for general use within the realm. 
Enforcing this limitation in the KDC takes this option away from the 
maintainers of individual machines. 
 
Workarounds: 
 
 - Delete or change inter-realm keys so inter-realm authentication is 
   disabled. 
 
 - Remove all non-local principals from all critical ACLs in services 
   using old MIT Kerberos code to validate the realm transit path 
 
Thanks to Joseph Sokol-Margolis <seph@mit.edu> and Gerald Britton 
<gbritton@alum.mit.edu> for finding this problem. 
 
Problem 3: format strings 
_________________________ 
 
Older versions of the MIT KDC used strings containing Kerberos 
principal names as printf-style format strings in logging routines. 
 
At least some cases do not require successful authentication, so this 
can be used as a remote, anonymous attack. 
 
It is easy to crash the KDC with this exploit.  We do not know of any 
exploits to gain access to the host system, but we do not rule out the 
possibility. 
 
Workarounds: See under problem 1.  ***However, these do not address 
the host access possibility.*** 
 
Thanks to E. Larry Lidz <ellidz@eridu.uchicago.edu> for discovering 
this problem. 
 
Problem 4: bounds checking on data sizes 
________________________________________ 
 
Some of our code does not do bounds checking on lengths before 
allocating storage.  On some systems, attempting to allocate large 
negative amounts of storage can crash the program.  Thus, some bogus 
packets may crash the KDC or an application server using Kerberos.  We 
do not believe this can be exploited to gain access to the host 
system. 
 
Workarounds: 
 
 - start KDC in a loop in a script, or from inittab 
 
 - do likewise for any server processes that need to handle multiple 
   client connections 
 
Thanks to CERT for bringing this to our attention. 
 
REVISION HISTORY 
================ 
 
2003-01-28      original release 
 
-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v1.0.6 (GNU/Linux) 
Comment: For info see http://www.gnupg.org 
 
iD8DBQE+Nvz7UqOaDMQ+e5gRAsTXAKDnR5W9BAF29BN+LTA6Vf0VE8IEaACffUxa 
q3ZwHRinV/lW5Hc1pgvxI3U= 
=KrXi 
-----END PGP SIGNATURE-----
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-02-05 04:27:50 UTC
.