SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   kadmind (please use Kerberos) Vendors:   Royal Institute of Technology
Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1005459
SecurityTracker URL:  http://securitytracker.com/id/1005459
CVE Reference:   CVE-2002-1235   (Links to External Site)
Updated:  Apr 26 2004
Original Entry Date:  Oct 22 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.5.1
Description:   A buffer overflow vulnerability was reported in 'kadmind', the administrative access server for the Kerberos database in the Heimdal distribution. A remote user may be able to execute arbitrary code on the system with root level privileges.

It is reported that kadmind in Heimdal releases earlier than 0.5.1 has a buffer overflow in the kerberos version 4 compatibility code. If compiled with support for the Kerberos 4 kadmin protocol, kadmind is vulnerable.

A remote user can cause arbitrary code to be executed with root level privileges.

To determine if kadmind is vulnerable you can run:

# /usr/heimdal/libexec/kadmind --version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska H gskolan
Send bug-reports to heimdal-bugs@pdc.kth.se

Non-vulnerable versions reportedly include Heimdal 0.5.1 and binaries that do *not* show a Kerberos 4 version string (KTH-KRB 1.2 in the example).

Impact:   A remote user can execute arbitrary code with root privileges to gain root access on the system.
Solution:   The vendor has released a fixed version (0.5.1), available at:

ftp://ftp.pdc.kth.se/pub/heimdal/src

If you are running a version older than 0.5.1 and have Kerberos 4 support enabled in kadmind, the vendor indicates that you should disable it until you have time to upgrade.

Vendor URL:  www.pdc.kth.se/heimdal/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(NetBSD Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
NetBSD has released a fix.
(OpenBSD Issues Fix) Re: Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
OpenBSD has issued a patch.
(MIT Issues Fix) Re: Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
MIT has issued a fix for Kerberos 4 and 5.
(Debian Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
Debian has released a fix.
(Conectiva Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
Conectiva has released a fix.
(Red Hat Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
Red Hat has released a fix.
(OpenBSD Issues Fix for 3.2) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
OpenBSD has released a fix for OpenBSD 3.2.
(FreeBSD Issues Fix) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
FreeBSD has released a fix.



 Source Message Contents

Subject:  kadmind bug


http://www.pdc.kth.se/heimdal/

2002-10-21: Security advisory regarding kadmind

All versions of the kadmind daemon are vulnerable to a remote root exploit, if compiled
with support for the Kerberos 4 kadmin protocol. Heimdal 0.5.1 should fix this problem.

If you are running a version older than 0.5.1 AND have Kerberos 4 support enabled in
kadmind you should disable it until you have time to upgrade.

To tell if kadmind is vulnerable you can run:

# /usr/heimdal/libexec/kadmind --version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Send bug-reports to heimdal-bugs@pdc.kth.se

Non-vulnerable include Heimdal 0.5.1, and binaries that DO NOT show a Kerberos 4 version
string (KTH-KRB 1.2 in the example).

The kadmind service should run on your master kdc, and can be run either from inetd, or as
a standalone daemon. 

--------

The code is currently at release 0.5.1 and is available at
ftp://ftp.pdc.kth.se/pub/heimdal/src.



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC