SecurityTracker: (OpenBSD Issues Fix) Re: Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Security) > kadmind

Vendors: Royal Institute of Technology

(OpenBSD Issues Fix) Re: Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges

SecurityTracker Alert ID: 1005461

SecurityTracker URL: http://securitytracker.com/id/1005461

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Oct 22 2002

Impact: Execution of arbitrary code via network, Root access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 0.5.1

Description: A buffer overflow vulnerability was reported in 'kadmind', the administrative access server for the Kerberos database in the Heimdal distribution. A remote user may be able to execute arbitrary code on the system with root level privileges.

It is reported that kadmind in Heimdal releases earlier than 0.5.1 has a buffer overflow in the kerberos version 4 compatibility code. If compiled with support for the Kerberos 4 kadmin protocol, kadmind is vulnerable.

A remote user can cause arbitrary code to be executed with root level privileges.

To determine if kadmind is vulnerable you can run:

# /usr/heimdal/libexec/kadmind --version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska H gskolan
Send bug-reports to heimdal-bugs@pdc.kth.se

Non-vulnerable versions reportedly include Heimdal 0.5.1 and binaries that do *not* show a Kerberos 4 version string (KTH-KRB 1.2 in the example).

Impact: A remote user can execute arbitrary code with root privileges to gain root access on the system.

Solution: OpenBSD has released a source code patch for OpenBSD 3.0 and 3.1 which remedies the problem:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/033_kadmin.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/016_kadmin.patch

Vendor URL: www.pdc.kth.se/heimdal/ (Links to External Site)

Cause: Boundary error

Underlying OS: UNIX (OpenBSD)

Message History: This archive entry is a follow-up to the message listed below.

Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges

Source Message Contents

Date: Mon, 21 Oct 2002 21:45:29 -0400
Subject: kadmind bug fix (OpenBSD)


# 016: SECURITY FIX: October 21, 2002

A buffer overflow can occur in the kadmind(8) daemon, leading to possible remote crash or
exploit.

A source code patch exists which remedies the problem:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/033_kadmin.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/016_kadmin.patch

(kadmind - server for administrative access to kerberos database)

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC