SecurityTracker.com
Category:   Application (Security)  >   Kerberos
Vendors:   MIT
(NetBSD Issues Fix) Kerberos 4 Security Protocol Weaknesses May Let Certain Remote Users Create Tickets
SecurityTracker Alert ID:  1006480
SecurityTracker URL:  http://securitytracker.com/id/1006480
CVE Reference:   CVE-2003-0138
Updated:  Jan 20 2004
Original Entry Date:  Apr 4 2003
Impact:   Modification of authentication information, Modification of system information, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in the Kerberos 4 security protocol. A remote user with access to a shared key for cross-realm authentication, with the ability to create arbitrary principals in a realm, or with the ability to monitor the network could create a ticket for a user in that realm and impersonate that user.

MIT reported that there is a cryptographic weakness in version 4 of the Kerberos protocol (affecting krb5 implementations) that allows a remote user to conduct a "chosen-plaintext attack" to impersonate an arbitrary principal in a realm. MIT also reported that other cryptographic weaknesses in the MIT krb5 distribution's krb4 protocol implementation allow a remote user to use a "cut-and-paste attack" to create apparently valid krb4 tickets for unauthorized client principals when triple-DES keys are used for krb4 services.

The report indicates that the Kerberos version 5 protocol does not contain these flaws. Users that have completely disabled Kerberos v4 are not vulnerable.

Impact:   A remote user that controls a krb4 shared cross-realm key can impersonate an arbitrary principal in the realm. MIT reports that this may lead to a root-level compromise of a KDC and any related hosts.

A remote user could then attack cross-realm principals to compromise additional realms.

A remote user without access to a shared cross-realm key may be able to create arbitrary principal names and use those to launch an attack.

A remote user with the ability to sniff network traffic can impersonate any principal to a service keyed with triple-DES krb4 keys.

Solution:   NetBSD has released a fix.

NetBSD-current: Systems running NetBSD-current dated from before 2003-03-20 should be upgraded to NetBSD-current dated 2003-03-21 or later.

The following directories need to be updated from the netbsd-current CVS branch (aka HEAD):
crypto/dist/heimdal/kdc
include/heimdal

To update from CVS, re-build, and re-install your KDC binaries.
# cd src
# cvs update -d -P crypto/dist/heimdal/kdc include/heimdal
# cd crypto/dist/heimdal/kdc

# make USETOOLS=no cleandir dependall
# make USETOOLS=no install


NetBSD 1.6:

The binary distribution of NetBSD 1.6 is vulnerable.

Systems running NetBSD 1.6 sources dated from before 2003-03-22 should be upgraded from NetBSD 1.6 sources dated 2003-03-23 or later.

NetBSD 1.6.1 will include the fix.

The following directories need to be updated from the netbsd-1-6 CVS branch:
crypto/dist/heimdal/kdc
include/heimdal

To update from CVS, re-build, and re-install your KDC binaries.

# cd src
# cvs update -d -P -r netbsd-1-6 crypto/dist/heimdal/kdc \
include/heimdal
# cd crypto/dist/heimdal/kdc

# make USETOOLS=no cleandir dependall
# make USETOOLS=no install


NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

The binary distribution of NetBSD 1.5.3 is vulnerable.

Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated from before 2003-03-31 should be upgraded from NetBSD 1.5.* sources dated 2003-04-01 or later.

The following directories need to be updated from the netbsd-1-5 CVS branch:
crypto/dist/heimdal/kdc
include/heimdal

To update from CVS, re-build, and re-install your KDC binaries.

# cd src
# cvs update -d -P -r netbsd-1-5 crypto/dist/heimdal/kdc \
include/heimdal
# cd crypto/dist/heimdal/kdc

# make cleandir dependall
# make install

Vendor URL:  web.mit.edu/kerberos/www/advisories/index.html
Cause:   Access control error, Authentication error, Randomization error, State error
Underlying OS:  UNIX (NetBSD)
Underlying OS Comments:  NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6

Message History:   This archive entry is a follow-up to the message listed below.
Mar 17 2003 Kerberos 4 Security Protocol Weaknesses May Let Certain Remote Users Create Tickets



 Source Message Contents

Subject:  NetBSD Security Advisory 2003-006: Cryptographic weaknesses in Kerberos v4 protocol




-----BEGIN PGP SIGNED MESSAGE-----


		 NetBSD Security Advisory 2003-006
		 =================================

Topic:		Cryptographic weaknesses in Kerberos v4 protocol


Version:	NetBSD-current:	source prior to March 20, 2003
		NetBSD 1.6:	affected
		NetBSD-1.5.3:	affected
		NetBSD-1.5.2:	affected
		NetBSD-1.5.1:	affected
		NetBSD-1.5:	affected
		pkgsrc:		prior to kth-krb4-1.2.1 or heimdal-0.5.1

Severity:	Every user on a Kerberos 4 network can be compromised

Fixed:		NetBSD-current:		March 20, 2003
		NetBSD-1.6 branch:	March 22, 2003 (1.6.1 will include the fix)
		NetBSD-1.5 branch:	April 1, 2003 
		pkgsrc:			kth-krb4-1.2.2, heimdal-0.5.2


Abstract
========

A cryptographic weakness in version 4 of the Kerberos protocol allows
an attacker to use a chosen-plaintext attack to impersonate any
principal in a realm.  This attack subverts a site's entire Kerberos
authentication infrastructure.

Kerberos version 5 does not contain this cryptographic vulnerability.

Sites are not vulnerable if they have Kerberos v4 completely disabled,
including the disabling of any krb5 to krb4 translation services.


Technical Details
=================

An attacker controlling a krb4 shared cross-realm key can
impersonate any principal in the remote realm to any service in the
remote realm.  This can lead to a root-level compromise of a KDC,
along with compromise of any hosts that rely on authentication
provided by that KDC.

This attack may be performed against cross-realm principals, thus
allowing an attacker to hop realms and compromise any realm that
transitively shares a cross-realm key with the attacker's local
realm.

Related, but more difficult attacks may be possible without
requiring the control of a shared cross-realm key.  At the very
least, an attacker capable of creating arbitrary principal names in
the target realm may be able to perform the attack.

A leak has occurred of an unpublished paper containing enough
details about the vulnerability that an attacker familiar with the
krb4 protocol can easily construct an exploit.  No exploit is known
to be circulating at this time, though.

These are PROTOCOL vulnerabilities; fixes inherently involve
restricting the functionality of the protocol.

The fixes are required for the KDC machine - patches are not needed
on the clients, if v4 is disabled on the server.


Solutions and Workarounds
=========================

If you can't upgrade to a newer version, make sure you disable all
cross-realm functionality and remove or randomize the cross-realm key.

You can use ``kinit --version'' to determine if you have a vulnerable system.

current:

	kinit (Heimdal 0.5nb2, KTH-KRB 1.2)
	Send bug-reports to heimdal-bugs@pdc.kth.se

	is secure/safe.


The following instructions describe how to upgrade your affected
binaries by updating your source tree and rebuilding and
installing a new version of Heimdal.

* NetBSD-current:

	Systems running NetBSD-current dated from before 2003-03-20
	should be upgraded to NetBSD-current dated 2003-03-21 or later.

	The following directories need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		crypto/dist/heimdal/kdc
		include/heimdal

	To update from CVS, re-build, and re-install your KDC binaries.
		# cd src
		# cvs update -d -P crypto/dist/heimdal/kdc include/heimdal
		# cd crypto/dist/heimdal/kdc

		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install


* NetBSD 1.6:

	The binary distribution of NetBSD 1.6 is vulnerable.   

	Systems running NetBSD 1.6 sources dated from before
	2003-03-22 should be upgraded from NetBSD 1.6 sources dated
	2003-03-23 or later.

	NetBSD 1.6.1 will include the fix.

	The following directories need to be updated from the
	netbsd-1-6 CVS branch:
		crypto/dist/heimdal/kdc
		include/heimdal

	To update from CVS, re-build, and re-install your KDC binaries.

		# cd src
		# cvs update -d -P -r netbsd-1-6 crypto/dist/heimdal/kdc \
			include/heimdal
		# cd crypto/dist/heimdal/kdc

		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install


* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

	The binary distribution of NetBSD 1.5.3 is vulnerable.   

	Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated
	from before 2003-03-31 should be upgraded from NetBSD 1.5.*
	sources dated 2003-04-01 or later.

	The following directories need to be updated from the
	netbsd-1-5 CVS branch:
		crypto/dist/heimdal/kdc
		include/heimdal

	To update from CVS, re-build, and re-install your KDC binaries.

		# cd src
		# cvs update -d -P -r netbsd-1-5 crypto/dist/heimdal/kdc \
			include/heimdal
		# cd crypto/dist/heimdal/kdc

		# make cleandir dependall
		# make install



Thanks To
=========

Sam Hartman and Tom Yu for notifying us in the first place and
providing text for the advisory.

Steve Bellovin provided some hints that led MIT people to discover
this vulnerability.

Love Hornquist-Astrand for coordination of information exchange.


Revision History
================

	2003-04-04	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-006.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2003, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2003-006.txt,v 1.6 2003/04/04 06:12:17 wiz Exp $
