
Multiple Vendor Kerberos 5/Kerberos 4 Compatibility krb_rd_req() Buffer Overflow Vulnerability

Solution:
MIT will release krb5-1.2 shortly, which will remedy these problems in the MIT codebase. Patches are available against krb5-1.0.x and krb5-1.1.1.

Users upgrading to krb5-1.1.1 and compiling with the --without-krb4 option also need to apply patches against the login program to prevent a dangling else clause.

Removing the setuid bit from the v4rcp binary eliminates that specific vulnerability under RedHat Linux 6.2. It does not address the other problems that remain present if Kerberos is installed.

Any users still running FreeBSD 2.2.5 who have installed the optional Kerberos distribution are urged to upgrade to 2.2.8-STABLE or later. Note, however, that FreeBSD 2.x is no longer an officially supported version, and security fixes are not always provided for it.

RedHat has released patches; see the RedHat advisory at http://www.redhat.com/support/errata/RHSA-2000-025.html


MIT Kerberos 5 5.0 -1.0.x

MIT Kerberos 5 5.0 -1.1.1

Copyright 2009, SecurityFocus