Bugtraq mailing list archives

Re: BUFFER OVERRUN VULNERABILITIES IN KERBEROS


From: kris () FREEBSD ORG (Kris Kennaway)
Date: Thu, 18 May 2000 12:05:02 -0700



On Tue, 16 May 2000, Jeffrey I. Schiller wrote:

> SUMMARY:
>
> Serious buffer overrun vulnerabilities exist in many implementations
> of Kerberos 4, including implementations included for backwards
> compatibility in Kerberos 5 implementations.  Other less serious
> buffer overrun vulnerabilities have also been discovered.  ALL KNOWN
> KERBEROS 4 IMPLEMENTATIONS derived from MIT sources are believed to be
> vulnerable.

For some reason CERT only gave the FreeBSD Security Officer team less than
5 hours last night (from 5:30PM EST when we were sent the draft to 10:30PM
EST when their advisory was released) to respond with vendor status, so
let me repeat it here for curious Bugtraq readers wondering why we were
absent from the advisory:

FreeBSD is not vulnerable by default: Kerberos is not installed by
default, and the base system uses KTH Kerberos, not MIT Kerberos, which is
not believed to be vulnerable. We do include a port of MIT Kerberos 5 in
the FreeBSD Ports Collection which was vulnerable, but has been patched to
address the known problems (from patches posted here and in the initial
advisory). All users who have chosen to install the
/usr/ports/security/krb5 port should immediately update their ports
collection and reinstall the port.

Kris
FreeBSD Ports Security Officer

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>
