SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   kadmind Vendors:   Royal Institute of Technology
(OpenBSD Issues Fix for 3.2) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1005578
SecurityTracker URL:  http://securitytracker.com/id/1005578
CVE Reference:   CAN-2002-1235   (Links to External Site)
Date:  Nov 8 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.5.1
Description:   A buffer overflow vulnerability was reported in 'kadmind', the administrative access server for the Kerberos database in the Heimdal distribution. A remote user may be able to execute arbitrary code on the system with root level privileges.

It is reported that kadmind in Heimdal releases earlier than 0.5.1 has a buffer overflow in the kerberos version 4 compatibility code. If compiled with support for the Kerberos 4 kadmin protocol, kadmind is vulnerable.

A remote user can cause arbitrary code to be executed with root level privileges.

To determine if kadmind is vulnerable you can run:

# /usr/heimdal/libexec/kadmind --version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska H gskolan
Send bug-reports to heimdal-bugs@pdc.kth.se

Non-vulnerable versions reportedly include Heimdal 0.5.1 and binaries that do *not* show a Kerberos 4 version string (KTH-KRB 1.2 in the example).
Impact:   A remote user can execute arbitrary code with root privileges to gain root access on the system.
Solution:   OpenBSD has issued for OpenBSD 3.2, available in the -STABLE branch or as a standalone patch file:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch

Fixes for other versions of OpenBSD were issued (and addressed in separate Alerts). For more information, see:

http://www.openbsd.org/errata.html
Vendor URL:  www.pdc.kth.se/heimdal/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   UNIX (BSD/OS)

Message History:   This archive entry is a follow-up to the message listed below.
Oct 22 2002 Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges


 Source Message Contents
Date:  Tue, 5 Nov 2002 15:39:09 +0000
Subject:  OpenBSD 3.2 patch 001 released


OpenBSD 3.2, as shipped, is vulnerable to a kadmind remote exploit if the
machine is configured as a kdc (which is not the case in the default
install).

A fix addressing this problem is available in the -STABLE branch, and as
a standalone patch file, at the following location:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch

For more information about errata and patch, please read the OpenBSD
errata page:
    http://www.openbsd.org/errata.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC