[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Other] Schwachstelle in MIT Kerberos 5

To: win-sec-ssc@xxxxxxxxxxx
Subject: [Other] Schwachstelle in MIT Kerberos 5
From: win-sec-ssc@xxxxxxxxxxx
Date: Wed, 29 Jan 2003 17:08:48 +0100 (MET)
Delivery-date: Wed, 29 Jan 2003 17:12:47 +0100
Envelope-to: win-sec-ssc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----

Liebe Kolleginnen und Kollegen,

soeben erreichte uns das nachfolgende MIT krb5 Security Advisory
2003-001. Wir geben diese Informationen unveraendert an Sie weiter.

In MIT Kerberos 5 sind mehrere Schwachstellen vorhanden:

1.) KDC Null-Pointer Dereferenzierung

Bestimmte Protokoll-Requests an einen Key Distribution Center (KDC)
koennen diesen durch die Dereferenzierung eines Null-Pointers zum
Absturz bringen.

2.) Realm Transit Checks

Es besteht ein Fehler in der Inter-Realm Authentifizierung. Realms mit
gemeinsamen Schluesseln koennen unter bestimmten Umstaenden die
Identitaet eines anderen nicht-lokalen Benutzers annehmen. Diese
Schwachstelle ist dann ausnutzbar, wenn nicht-lokale Principal-Namen
in ACLs eingetragen sind.

Diese Schwachstelle betrifft sowohl den KDC als auch Kerberos
Applikationsserver.

3.) In Logging Funktionen des MIT KDCs werden printf() Format-Strings
beruecksichtigt (Format String Schwachstellen). Teilweise kann ein
Angreifer ohne vorherige Authentifizierung diese Schwachstellen
ausnutzen, um beliebige Befehle mit den Privilegien des KDCs
auszufuehren.

4.) Im KDC und Applikationsservern koennen Integer Overflows
ausgeloest werden. Die Folge ist eine Alloziierung von Speicher mit
negativen Intergerwerten. Diese Schwachstellen koennen zumindest fuer
einen Denial of Service (DoS) Angriff ausgenutzt werden.

Betroffen sind alle Releases von MIT Kerberos 5 vor Version 1.2.5.  Es
wird empfohlen, auf Version 1.2.7 umzusteigen:

	
	http://web.mit.edu/kerberos/www/index.html
	

(c) der deutschen Zusammenfassung bei DFN-CERT GmbH; die Verbreitung,
auch auszugsweise, ist nur unter Hinweis auf den Urheber, DFN-CERT
GmbH, und nur zu nicht kommerziellen Zwecken gestattet.

Mit freundlichen Gruessen,

- -- 
Jan Kohlrausch     |             mailto:kohlrausch@xxxxxxxxxxx
DFN-CERT GmbH      |   http://www.cert.dfn.de/team/kohlrausch/
Heidenkanpsweg 41  |                 Phone: +49(40) 808077 555
D-20097 Hamburg    |                   FAX: +49(40) 808077 556
Germany	           |                     PGP-KeyID: 0xA5DD03D1
PGP-Key Fingerprint:  A255 1C51 0A30 3E78  5B40 DAB7 14F7 C9E8



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



	    MIT krb5 Security Advisory 2003-001

Original Release Date: 2003-01-28

Topic: Multiple vulnerabilities in old releases of MIT Kerberos

Severity: CRITICAL: Remote user can crash KDC, and may be able to
          forge non-local identities and compromise the KDC or
          application servers.

SUMMARY
=======

Multiple vulnerabilities have been found in MIT Kerberos 5 releases
prior to release 1.2.5.  MIT recommends updating to 1.2.7 if possible.

IMPACT
======

* A remote user can crash the KDC.

* A user authenticated in a remote realm may be able to claim to be
  other non-local users to an application server.

* It may be possible for a user to gain access to the KDC system and
  database.

AFFECTED SOFTWARE
=================

* All releases of MIT Kerberos 5 before 1.2.5.

FIX
===

MIT recommends updating to release 1.2.5 or later, preferably to the
latest release.  Patches specifically to fix these problems are not
available at this time.

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

	http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:

	http://web.mit.edu/kerberos/www/index.html

ACKNOWLEDGMENTS
===============

Thanks to greg pryzby, Joseph Sokol-Margolis, Gerald Britton, E. Larry
Lidz, and CERT for reporting these problems.

DETAILS
=======

Problem 1: KDC null pointer dereferences
________________________________________

Certain protocol requests, compliant with the protocol encoding scheme
but indicative of a client system most likely configured incorrectly,
can crash a KDC with a null pointer dereference.  We do not believe
any exploit to gain access to the KDC or otherwise alter its behavior
is possible on systems without storage mapped at address zero.  We
have not explored the effects of this on a system with mapped memory
at address zero.

The fallback and retransmit algorithm used in the MIT krb5 library
will cause an application not receiving a reply from a KDC to try
other KDCs in the same realm; it will iterate through this list a few
times, or until it gets a response.  Thus, one client may take down
multiple KDCs.

We believe this vulnerability is limited to the TGS-REQ exchange, that
is, cases where the user has already authenticated to the KDC or one
with which it shares inter-realm keys.  So (ignoring cases of
well-known passwords) there is an audit trail of sorts, even if it has
to be dug out of a core file, and it is not a simple, scriptable
attack against KDCs in general.

Workarounds:

 - Start your KDC from inittab or a loop in a shell script.  (The
   inittab approach may not work well if the KDC is crashed too often
   in a short span of time.)

Thanks to greg pryzby <GregPryzby@xxxxxxx> for reporting this problem.

Problem 2: realm transit checks
_______________________________

Realms with shared keys can impersonate people in other non-local
realms in certain cases.  It may be exploitable in various ways if
non-local principal names are on critical ACLs.

This vulnerability affects both the KDC and Kerberos application
servers.

This problem was fixed in the 1.2.3 release.  That release also added
a flag to the KDC config file that can be set to refuse untrusted
cross-realm authentication, in case application servers cannot be
updated quickly enough.  This is not recommended as a long-term
solution, because the current model we use says that the application
server is responsible for doing this validation, which allows (for
example) a service on a specific machine (perhaps one set up for
software testing) to be configured to know about authentication paths
known to the maintainer of the service, even if the maintainer of the
KDC does not trust these paths for general use within the realm.
Enforcing this limitation in the KDC takes this option away from the
maintainers of individual machines.

Workarounds:

 - Delete or change inter-realm keys so inter-realm authentication is
   disabled.

 - Remove all non-local principals from all critical ACLs in services
   using old MIT Kerberos code to validate the realm transit path

Thanks to Joseph Sokol-Margolis <seph@xxxxxxx> and Gerald Britton
<gbritton@xxxxxxxxxxxx> for finding this problem.

Problem 3: format strings
_________________________

Older versions of the MIT KDC used strings containing Kerberos
principal names as printf-style format strings in logging routines.

At least some cases do not require successful authentication, so this
can be used as a remote, anonymous attack.

It is easy to crash the KDC with this exploit.  We do not know of any
exploits to gain access to the host system, but we do not rule out the
possibility.

Workarounds: See under problem 1.  ***However, these do not address
the host access possibility.***

Thanks to E. Larry Lidz <ellidz@xxxxxxxxxxxxxxxxxx> for discovering
this problem.

Problem 4: bounds checking on data sizes
________________________________________

Some of our code does not do bounds checking on lengths before
allocating storage.  On some systems, attempting to allocate large
negative amounts of storage can crash the program.  Thus, some bogus
packets may crash the KDC or an application server using Kerberos.  We
do not believe this can be exploited to gain access to the host
system.

Workarounds:

 - start KDC in a loop in a script, or from inittab

 - do likewise for any server processes that need to handle multiple
   client connections

Thanks to CERT for bringing this to our attention.

REVISION HISTORY
================

2003-01-28	original release

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+Nvz7UqOaDMQ+e5gRAsTXAKDnR5W9BAF29BN+LTA6Vf0VE8IEaACffUxa
q3ZwHRinV/lW5Hc1pgvxI3U=
=KrXi
- -----END PGP SIGNATURE-----




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface

iQEVAgUBPjf8iuI9ttyl3QPRAQGAjAgA0k16zf3TjESYu+/rYRKDCMkMYEJ7vGxY
9gWWArpNN83FEaRpI29LBnqYZM/mXadEFqDj4jKYgL1TYAH5F77rAdeiCWj1lRuf
8O5HqVPP5cWaAfYEkiRy73UL9O3hR7ivss64L7jciylMJGpZMklMn3zkLR7GDDBT
u7OgsgA11Abwqy+S6lZjGS3AFGMwzLIIrZQZDdghHdClz1xFP9WJVkFIzSfs30jy
sMletGyn+tkB0nTS/GCLEe5gAY2wf0urVCXh6OPJqNJDlkA4Drfib7/3Yq7Q2dps
anLk1GttrbEy36BvhtXJ93bEqlP8JXvO/V38BJgTBTKkGqsIS359ZQ==
=5Tjv
-----END PGP SIGNATURE-----
Prev by Date: [Debian] Schwachstelle im dhcp3 Paket - DSA 245-1
Next by Date: [HP-UX] Schwachstellen in Java - HPSBUX0301-239
Previous by thread: [Debian] Schwachstelle im dhcp3 Paket - DSA 245-1
Next by thread: [HP-UX] Schwachstellen in Java - HPSBUX0301-239
Index(es):
- Date
- Thread