SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   kadmind Vendors:   Royal Institute of Technology
Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1005459
SecurityTracker URL:  http://securitytracker.com/id/1005459
CVE Reference:   CAN-2002-1235   (Links to External Site)
Updated:  Apr 26 2004
Original Entry Date:  Oct 22 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.5.1
Description:   A buffer overflow vulnerability was reported in 'kadmind', the administrative access server for the Kerberos database in the Heimdal distribution. A remote user may be able to execute arbitrary code on the system with root level privileges.

It is reported that kadmind in Heimdal releases earlier than 0.5.1 has a buffer overflow in the kerberos version 4 compatibility code. If compiled with support for the Kerberos 4 kadmin protocol, kadmind is vulnerable.

A remote user can cause arbitrary code to be executed with root level privileges.

To determine if kadmind is vulnerable you can run:

# /usr/heimdal/libexec/kadmind --version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska H gskolan
Send bug-reports to heimdal-bugs@pdc.kth.se

Non-vulnerable versions reportedly include Heimdal 0.5.1 and binaries that do *not* show a Kerberos 4 version string (KTH-KRB 1.2 in the example).
Impact:   A remote user can execute arbitrary code with root privileges to gain root access on the system.
Solution:   The vendor has released a fixed version (0.5.1), available at:

ftp://ftp.pdc.kth.se/pub/heimdal/src

If you are running a version older than 0.5.1 and have Kerberos 4 support enabled in kadmind, the vendor indicates that you should disable it until you have time to upgrade.
Vendor URL:  www.pdc.kth.se/heimdal/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(NetBSD Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges   (NetBSD Security Officer <security-officer@netbsd.org>)
NetBSD has released a fix.
(OpenBSD Issues Fix) Re: Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
OpenBSD has issued a patch.
(MIT Issues Fix) Re: Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges   (Tom Yu <tlyu@MIT.EDU>)
MIT has issued a fix for Kerberos 4 and 5.
(Debian Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
(Conectiva Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges   (secure@conectiva.com.br)
Conectiva has released a fix.
(Red Hat Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges   (bugzilla@redhat.com)
Red Hat has released a fix.
(OpenBSD Issues Fix for 3.2) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges   (Miod Vallat <miod@openbsd.org>)
OpenBSD has released a fix for OpenBSD 3.2.
(FreeBSD Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges   (FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>)
FreeBSD has released a fix.


 Source Message Contents
Date:  Mon, 21 Oct 2002 22:45:17 -0400
Subject:  kadmind bug


http://www.pdc.kth.se/heimdal/

2002-10-21: Security advisory regarding kadmind

All versions of the kadmind daemon are vulnerable to a remote root exploit, if compiled
with support for the Kerberos 4 kadmin protocol. Heimdal 0.5.1 should fix this problem.

If you are running a version older than 0.5.1 AND have Kerberos 4 support enabled in
kadmind you should disable it until you have time to upgrade.

To tell if kadmind is vulnerable you can run:

# /usr/heimdal/libexec/kadmind --version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska Högskolan
Send bug-reports to heimdal-bugs@pdc.kth.se

Non-vulnerable include Heimdal 0.5.1, and binaries that DO NOT show a Kerberos 4 version
string (KTH-KRB 1.2 in the example).

The kadmind service should run on your master kdc, and can be run either from inetd, or as
a standalone daemon. 

--------

The code is currently at release 0.5.1 and is available at
ftp://ftp.pdc.kth.se/pub/heimdal/src.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC