OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: NetBSD Security Officer (security-officer_at_netbsd.org)
Date: Mon Oct 21 2002 - 18:30:51 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----

                     NetBSD Security Advisory 2002-026
                     =================================

    Topic: Buffer overflow in kadmind daemon

    Version: NetBSD-current: source prior to October 21 2002
                    NetBSD-1.6: affected
                    NetBSD-1.5.3: affected
                    NetBSD-1.5.2: affected
                    NetBSD-1.5.1: affected
                    NetBSD-1.5: affected
                    NetBSD-1.4.*: not affected

    Severity: remote buffer overflow, resulting in root exploit

    Fixed: NetBSD-current: October 22, 2002
                    NetBSD-1.6 branch: October 22, 2002
                    NetBSD-1.5 branch: October 22, 2002

    Abstract
    ========

    Kadmind is the server for administrative access to kerberos database,
    and comes from the Heimdal Kerberos implementation used by NetBSD. In
    Heimdal releases earlier than 0.5.1 kadmind has a buffer overflow in
    the kerberos version 4 compatibility code.

    The kadmind daemon has never been enabled by default in NetBSD;
    enabling it would require a change in /etc/inetd.conf.

    Technical Details
    =================

    All versions prior to Heimdal 0.5.1 and 0.4enb1 are vulnerable. NetBSD
    1.5, 1.6, and -current (prior to October 21, 2002) ship with a vulnerable
    version.

    The problem is a buffer overflow in the kerberos version 4 compatibility layer
    of kadmind.

    See also: http://www.pdc.kth.se/heimdal/

    Solutions and Workarounds
    =========================

    For most users this is not a vital service and is likely not enabled.
    The only user of kadmin should be the kdc in a kerberos
    realm. Since the security of the kerberos server very important,
    kadmind must be disabled until upgraded.

    * NetBSD all releases:

            Check that you don't have kadmind in your /etc/inetd.conf.

            # grep kadmind /etc/inetd.conf

            If kadmind is enabled, disable it by commenting out its entry and
            reloading inetd:

            # /etc/rc.d/inetd reload

            Check that kadmind is not running as a service

            # ps axlwww | grep kadmind

            If kadmind is running, kill it:

            # kill <process id of kadmind>

    * NetBSD-current:

            Systems running NetBSD-current dated from before 2002-Oct-22 should
            be upgraded to NetBSD-current dated 2002-Oct-22 or later. The fix
            is included in crypto/dist/heimdal/kadmin/version4.c, revision 1.2.

            The following directory needs to be updated from the netbsd-current
            CVS branch (aka HEAD):
                    crypto/dist/heimdal/kadmin

            To update from CVS, re-build, and re-install kadmind(8):
                    # cd src
                    # cvs update -d -P crypto/dist/heimdal
                    # cd libexec/kadmind
                    # make cleandir dependall
                    # make install

    * NetBSD 1.6:

            The following directory needs to be updated from the
            netbsd-1-6 CVS branch:
                    crypto/dist/heimdal/kadmin

            To update from CVS, re-build, and re-install kadmind(8):

                    # cd src
                    # cvs update -d -P -r netbsd-1-6 crypto/dist/heimdal/kadmin
                    # cd libexec/kadmind
                    # make cleandir dependall
                    # make install

    * NetBSD 1.5:

            The following directory needs to be updated from the
            netbsd-1-5 CVS branch:
                    crypto/dist/heimdal/kadmin

            To update from CVS, re-build, and re-install kadmind(8):

                    # cd src
                    # cvs update -d -P -r netbsd-1-5 crypto/dist/heimdal/kadmin
                    # cd libexec/kadmind
                    # make cleandir dependall
                    # make install

    Thanks To
    =========

    Love Hoernquist-Astrand for the patch and notification and Johan Danielsson
    for testing.

    Revision History
    ================

            2002-Oct-21 Initial release

    More Information
    ================

    Advisories may be updated as new information comes to hand. The most
    recent version of this advisory (PGP signed) can be found at
      ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc

    Information about NetBSD and NetBSD security can be found at
    http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.

    Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved.

    $NetBSD: NetBSD-SA2002-026.txt,v 1.9 2002/10/21 20:34:06 groo Exp $

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (NetBSD)
    Comment: For info see http://www.gnupg.org

    iQCVAwUBPbRlij5Ru2/4N2IFAQGcgwQAn2bBxCdA6L0KhD5Pq0DzylaH8V5wHsq+
    iguSkTTaj8cfIR/7Nz8LHUx16Sn9BzYM/YbGkHhp0NjasjIXxlL1ulriTly6Ynf1
    SOLNqfHP4IlOITGvIYbFBV0EsIgQiRA4uW5jaQT15YJ/gWi8874wioHNWNRCuTm+
    rmkN3qBFP04=
    =2on8
    -----END PGP SIGNATURE-----