|
|
|
![]() |
Vulnerability Note VU#686862MIT Kerberos 5 krb5_aname_to_localname() contains several heap overflowsOverviewMIT Kerberos 5 contains several heap buffer overflow vulnerabilities in code that translates Kerberos principal names to local UNIX account names. An authenticated, remote attacker could execute arbitrary code on a vulnerable system with root privileges.I. DescriptionMIT Kerberos 5 contains several heap buffer overflow vulnerabilities in a library that translates Kerberos principal names to local UNIX account names. From MIT krb5 Security Advisory 2004-001:krb5_aname_to_localname() translates a Kerberos principal name to a local account name, typically a UNIX username. In the file src/lib/krb5/os/an_to_ln.c, the helper functions aname_replacer(), do_replacement(), and rule_an_to_ln() do not perform adequate checks of the lengths of strings which contain the name of the principal whose authorization is being checked.
Only kerberos enabled services that enable explicit or rules-based krb5_aname_to_localname() mapping are vulnerable. In the case of the explicit mapping vulnerability, the attacker would need to authenticate using a principal name that is present in the explicit mapping list. In the case of the rules-based mapping vulnerabilities, the attacker would need the ability to create specially crafted principal names in the local realm or in a realm accessible via cross-realm authentication. II. ImpactAn authenticated, remote attacker could execute arbitrary code on a system using krb5_aname_to_localname() mapping. The vulnerable library is loaded by services that use Kerberos authentication (e.g., telnetd, klogind), and in most cases these services run with root privileges.III. SolutionApply a patch or upgrade
References
This vulnerability was reported by the MIT Kerberos Development Team. This document was written by Art Manion.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||