Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
|
|
SecurityTracker Alert ID: 1005459
|
|
CVE Reference: CAN-2002-1235
(Links to External Site)
|
Updated: Apr 26 2004
|
Original Entry Date: Oct 22 2002
|
Impact: Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 0.5.1
|
Description: A buffer overflow vulnerability was reported in 'kadmind', the administrative access server for the Kerberos database in the Heimdal
distribution. A remote user may be able to execute arbitrary code on the system with root level privileges.
It is reported that kadmind in Heimdal releases earlier than 0.5.1 has a buffer overflow in the kerberos version 4 compatibility
code. If compiled with support for the Kerberos 4 kadmin protocol, kadmind is vulnerable.
A remote user can cause arbitrary
code to be executed with root level privileges.
To determine if kadmind is vulnerable you can run:
# /usr/heimdal/libexec/kadmind
--version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska H gskolan
Send bug-reports to heimdal-bugs@pdc.kth.se
Non-vulnerable
versions reportedly include Heimdal 0.5.1 and binaries that do *not* show a Kerberos 4 version string (KTH-KRB 1.2 in the example).
|
Impact: A remote user can execute arbitrary code with root privileges to gain root access on the system.
|
Solution: The vendor has released a fixed version (0.5.1), available at:
ftp://ftp.pdc.kth.se/pub/heimdal/src
If you are running a version
older than 0.5.1 and have Kerberos 4 support enabled in kadmind, the vendor indicates that you should disable it until you have
time to upgrade.
|
Vendor URL: www.pdc.kth.se/heimdal/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Mon, 21 Oct 2002 22:45:17 -0400
Subject: kadmind bug
|
http://www.pdc.kth.se/heimdal/
2002-10-21: Security advisory regarding kadmind
All versions of the kadmind daemon are vulnerable to a remote root exploit, if compiled
with support for the Kerberos 4 kadmin protocol. Heimdal 0.5.1 should fix this problem.
If you are running a version older than 0.5.1 AND have Kerberos 4 support enabled in
kadmind you should disable it until you have time to upgrade.
To tell if kadmind is vulnerable you can run:
# /usr/heimdal/libexec/kadmind --version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska Högskolan
Send bug-reports to heimdal-bugs@pdc.kth.se
Non-vulnerable include Heimdal 0.5.1, and binaries that DO NOT show a Kerberos 4 version
string (KTH-KRB 1.2 in the example).
The kadmind service should run on your master kdc, and can be run either from inetd, or as
a standalone daemon.
--------
The code is currently at release 0.5.1 and is available at
ftp://ftp.pdc.kth.se/pub/heimdal/src.
|
|
