SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   kadmind (please use Kerberos) Vendors:   Royal Institute of Technology
(OpenBSD Issues Fix for 3.2) Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1005578
SecurityTracker URL:  http://securitytracker.com/id/1005578
CVE Reference:   CVE-2002-1235   (Links to External Site)
Date:  Nov 8 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.5.1
Description:   A buffer overflow vulnerability was reported in 'kadmind', the administrative access server for the Kerberos database in the Heimdal distribution. A remote user may be able to execute arbitrary code on the system with root level privileges.

It is reported that kadmind in Heimdal releases earlier than 0.5.1 has a buffer overflow in the kerberos version 4 compatibility code. If compiled with support for the Kerberos 4 kadmin protocol, kadmind is vulnerable.

A remote user can cause arbitrary code to be executed with root level privileges.

To determine if kadmind is vulnerable you can run:

# /usr/heimdal/libexec/kadmind --version
kadmind (Heimdal 0.5.1, KTH-KRB 1.2)
Copyright (c) 1999-2002 Kungliga Tekniska H gskolan
Send bug-reports to heimdal-bugs@pdc.kth.se

Non-vulnerable versions reportedly include Heimdal 0.5.1 and binaries that do *not* show a Kerberos 4 version string (KTH-KRB 1.2 in the example).

Impact:   A remote user can execute arbitrary code with root privileges to gain root access on the system.
Solution:   OpenBSD has issued for OpenBSD 3.2, available in the -STABLE branch or as a standalone patch file:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch

Fixes for other versions of OpenBSD were issued (and addressed in separate Alerts). For more information, see:

http://www.openbsd.org/errata.html

Vendor URL:  www.pdc.kth.se/heimdal/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (BSD/OS)

Message History:   This archive entry is a follow-up to the message listed below.
Oct 22 2002 Heimdal Kerberos 'kadmind' Buffer Overflow Lets Remote Users Execute Arbitrary Code With Root Privileges



 Source Message Contents

Subject:  OpenBSD 3.2 patch 001 released


OpenBSD 3.2, as shipped, is vulnerable to a kadmind remote exploit if the
machine is configured as a kdc (which is not the case in the default
install).

A fix addressing this problem is available in the -STABLE branch, and as
a standalone patch file, at the following location:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/001_kadmin.patch

For more information about errata and patch, please read the OpenBSD
errata page:
    http://www.openbsd.org/errata.html



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC