(IBM Issues Fix for AIX) Kerberos telnetd Grants Access to Remote Users
|
|
SecurityTracker Alert ID: 1017861 |
|
SecurityTracker URL: http://securitytracker.com/id/1017861
|
|
CVE Reference:
CVE-2007-0956
(Links to External Site)
|
Date: Apr 3 2007
|
Impact:
Root access via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): krb5 prior to krb5-1.6.1
|
Description:
A vulnerability was reported in Kerberos in the telnet daemon. A remote user can bypass authentication and gain access to the target system.
A remote user can invoke telnet and set a specially crafted username that begins with '-e' to gain remote access to the specified username account on the target system.
|
Impact:
A remote user can gain access to the target system.
|
Solution:
IBM has issued the following fixes.
For AIX 5.2.0: Install Network Authentication Service version 1.4.0.6 or 1.3.0.6.
For AIX 5.3.0: Install Network Authentication Service version 1.3.0.6 or 1.4.0.6. Version 1.4.0.6 will available on the AIX 5L for POWER V5.3 Expansion Pack in November 2007.
|
Vendor URL: web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt (Links to External Site)
|
Cause:
Authentication error, State error
|
Underlying OS:
UNIX (AIX)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 3 Apr 2007 17:14:40 -0400
Subject: IBM AIX
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IBM SECURITY ADVISORY
First Issued: Tue Apr 3 13:39:48 CDT 2007
===========================================================================
VULNERABILITY SUMMARY
VULNERABILITY: A double free vulnerability may allow an attacker to
execute arbitrary code.
PLATFORMS: Network Authentication Service 1.3 and 1.4
for AIX 5.2 and AIX 5.3.
SOLUTION: Apply the fixes described below.
THREAT: A remote attacker may execute arbitrary code on the
host running kadmind
CERT VU Number: VU#419344
CVE Number: CVE-2007-1216
===========================================================================
DETAILED INFORMATION
I. Description
===============
The MIT Kerberos team recently reported various vulnerabilities in Kerberos
version 5. Kerberos is available for AIX via Network Authentication Service
on the Expansion Pack. Network Authentication Service for AIX is not
affected by MITKRB5-SA-2007-001 (CVE-2007-0956, VU#220816) or
MITKRB5-SA-2007-002 (CVE-2007-0957, VU#704024).
MITKRB5-SA-2007-003 (CVE-2007-1216,VU#419344) may allow an attacker to
execute arbitrary code on the host running kadmind. kamind runs as root so
the attacker could execute arbitrary code with root privileges. More
information about security vulnerabilities in MIT kerberos can be found at
http://web.mit.edu/kerberos/advisories/.
The following versions of Network Authentication Service are vulnerable:
* Network Authentication Service 1.3.0.0 through 1.3.0.5
* Network Authentication Service 1.4.0.0 through 1.4.0.5
To determine which version of Network Authentication Service is installed,
execute the following commands:
# lslpp -L krb5.client.rte
# lslpp -L krb5.server.rte
If the filesets are installed they will be listed along with version
information, state, type and a description. The first command prints
information for the client fileset and the second command prints
information for the server fileset. Affected hosts should upgrade all
affected Network Authentication Service filesets that are installed.
II. Impact
==========
A remote attacker may cause execute arbitrary code on a host running
kadmind.
III. Solutions
===============
A. Fix
IBM provides the following fixes:
AIX 5.2.0: Install Network Authentication Service version 1.4.0.6 or
1.3.0.6. Customers may contact AIX Support to request either
versions.
AIX 5.3.0: Install Network Authentication Service version
1.3.0.6 or 1.4.0.6. Customers may contact AIX Support to request
either versions. Version 1.4.0.6 will also available on the AIX 5L
for POWER V5.3 Expansion Pack available in November 2007. (form
number LCD4-7460-08).
IV. Contact Information
========================
If you would like to receive AIX Security Advisories via email, please visit:
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs
Comments regarding the content of this announcement can be directed to:
security-alert@austin.ibm.com
To request the PGP public key that can be used to communicate securely
with the AIX Security Team send email to security-alert@austin.ibm.com
with a subject of "get key". The key can also be downloaded from a
PGP Public Key Server. The key id is 0x3AE561C3.
Please contact your local IBM AIX support center for any assistance.
eServer is a trademark of International Business Machines Corporation.
IBM, AIX and pSeries are registered trademarks of International Business
Machines Corporation. All other trademarks are property of their
respective holders.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGEqcoofN/JhsU8pkRAluTAJ9J0smH2t6XqiWxBleXFl2JyHs8gwCeLIkH
/kSu7212zFcPS3gydTCQTwo=
=6m3V
-----END PGP SIGNATURE-----
|
|
