Sudo: local root compromise with krb5 enabled Jun 07 2007 01:57AM
Thor Lancelot Simon (tls rek tjls com) (2 replies)
Re: Sudo: local root compromise with krb5 enabled Jun 07 2007 05:13PM
James Downs (egon egon cc) (1 replies)

On Jun 6, 2007, at 6:57 PM, Thor Lancelot Simon wrote:

> The 'sudo' package can be built to use Kerberos 5 for authentication
> of users. When a user is properly authenticated to sudo, sudo grants

It should be noted that Kerberos is not an authorization system. All
this case does is allow a user, who can already log into your system,
and already can use sudo, to bypass their real password. If the user
can't do things as root, correct or incorrect password isn't buying
them much.

This IS a bug in handling Kerberos authentication, but if the user
can log into the system, the user can use any version of sudo, and if
they're authorized, they already know their password, and can do
things as root.

There's probably an attack here where an attacker can get in as a
user without knowing the legitimate password, and leverage the weakness
in sudo to use a fake password, but if you can have people logging
into accounts without knowing authentication information, you have
other problems.

> 2) Use the returned ticket to request access to a local service from
> the KDC, and confirm that the ticket _for that service_ returned
> by the KDC is correct. If this step is not performed, it is not
> possible to distinguish a response from a fake KDC that simply says
> "yes" to all requests from a response from the real KDC.

This assumes that the service keytab is secure. Does sudo use and
recognize the KRB5_KTNAME environmental variable? If so, this step
isn't secure either.

Cheers,
-j
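
Added example, not part of the original post and not sudo's or any Kerberos library's code: a toy Python model of the verification step quoted above and of the keytab concern raised in the reply. HMAC stands in for Kerberos encryption; the KDC class, pick_keytab, the user, the secrets and the /tmp/evil.keytab path are constructed, and honor_env models a hypothetical privileged caller that trusts KRB5_KTNAME.

```python
import hashlib, hmac

def key(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()

def seal(k: bytes, msg: bytes) -> bytes:
    # Toy stand-in for Kerberos encryption: message plus an HMAC tag under k.
    return msg + hmac.new(k, msg, hashlib.sha256).digest()

def unseal(k: bytes, blob: bytes):
    msg, tag = blob[:-32], blob[-32:]
    ok = hmac.compare_digest(tag, hmac.new(k, msg, hashlib.sha256).digest())
    return msg if ok else None

class KDC:
    def __init__(self, user_keys, host_key):
        self.user_keys, self.host_key = user_keys, host_key
    def as_rep(self, user):    # initial reply, sealed under the user's key
        return seal(self.user_keys[user], b"tgt:" + user.encode())
    def tgs_rep(self, user):   # service ticket, sealed under the host key
        return seal(self.host_key, b"host:" + user.encode())

def pick_keytab(env, keytabs, honor_env):
    # honor_env=True models a privileged program trusting KRB5_KTNAME (assumption).
    path = env.get("KRB5_KTNAME") if honor_env else None
    return keytabs[path or "/etc/krb5.keytab"]

def authenticate(kdc, user, password, host_key=None):
    if unseal(key(password), kdc.as_rep(user)) is None:
        return False                      # step 1: reply must open with the password key
    if host_key is None:
        return True                       # step 2 skipped: any responder is believed
    return unseal(host_key, kdc.tgs_rep(user)) is not None  # step 2: check service ticket

def scenarios():
    keytabs = {"/etc/krb5.keytab": key("constructed host secret"),
               "/tmp/evil.keytab": key("attacker secret")}       # constructed values
    real = KDC({"alice": key("real password")}, keytabs["/etc/krb5.keytab"])
    fake = KDC({"alice": key("anything")}, keytabs["/tmp/evil.keytab"])
    env = {"KRB5_KTNAME": "/tmp/evil.keytab"}   # caller-controlled environment
    fixed = pick_keytab(env, keytabs, honor_env=False)
    from_env = pick_keytab(env, keytabs, honor_env=True)
    return {
        "real_kdc_verified": authenticate(real, "alice", "real password", fixed),
        "fake_kdc_unverified": authenticate(fake, "alice", "anything"),
        "fake_kdc_verified": authenticate(fake, "alice", "anything", fixed),
        "fake_kdc_env_keytab": authenticate(fake, "alice", "anything", from_env),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Only the run with a keytab chosen independently of the caller's environment rejects the spoofed KDC; the check is only as strong as the secrecy and provenance of the host key it uses.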
