[OpenAFS] Buffer Overflow in kerberos / are we affected?
Rubino Geiß
kb44@rz.uni-karlsruhe.de
Fri, 25 Oct 2002 11:31:57 +0200
See: http://www.ciac.org/ciac/bulletins/n-009.shtml
In brief:
PROBLEM: A stack buffer overflow in the implementation of the Kerberos
v4 compatibility administration daemon (kadmind4) in the MIT krb5
distribution could be exploited to gain unauthorized root access to a
KDC host.
SOTFWARE: All releases of MIT Kerberos 5, up to and including
krb5-1.2.6.
All Kerberos 4 implementations derived from MIT Kerberos 4, including
Cygnus Network Security (CNS).
DAMAGE: A remote attacker could execute arbitrary code on the KDC with
the privileges of the user running kadmind4 (usually root).
SOLUTION: Apply patch.
Is the AFS kerberos impl. derived from MIT?
Hope we do not have a problem!
Bye, Rubino R. Geiss
--
Rubino Geiss, Universitaet Karlsruhe, IPD Goos
Postfach 6980, D-76128 Karlsruhe, GERMANY
Adenauerring 20a, 50.41 (AVG), Zi. 235
rubino@ipd.info.uni-karlsruhe.de
Tel: (+49) 721 / 608-8352
Fax: (+49) 721 / 30047