MIT Kerberos 5 contains several heap buffer overflow vulnerabilities in code that translates Kerberos principal names to local UNIX account names. An authenticated, remote attacker could execute arbitrary code on a vulnerable system with root privileges.
MIT Kerberos 5 contains several heap buffer overflow vulnerabilities in a library that translates Kerberos principal names to local UNIX account names. From MIT krb5 Security Advisory 2004-001:
krb5_aname_to_localname() translates a Kerberos principal name to a local account name, typically a UNIX username. In the file src/lib/krb5/os/an_to_ln.c, the helper functions aname_replacer(), do_replacement(), and rule_an_to_ln() do not perform adequate checks of the lengths of strings which contain the name of the principal whose authorization is being checked.
An authenticated, remote attacker could execute arbitrary code on a system using krb5_aname_to_localname() mapping. The vulnerable library is loaded by services that use Kerberos authentication (e.g., telnetd, klogind), and in most cases these services run with root privileges.
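The length checks that the advisory excerpt above says are missing can be illustrated with a bounded replacement routine. This is an added example, not code from MIT krb5 or its patch; bounded_replace() is a hypothetical helper, and it substitutes literal substrings where the real mapping rules use regular expressions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not MIT krb5 code: replace each literal occurrence of
 * pat in in with rep, writing a NUL-terminated result into out[outsize].
 * Returns 0 on success, -1 if arguments are invalid or the result would not
 * fit. It never truncates: a shortened name could match a different account. */
int bounded_replace(const char *in, const char *pat, const char *rep,
                    char *out, size_t outsize)
{
    size_t patlen, replen, used = 0;

    if (!in || !pat || !rep || !out || outsize == 0)
        return -1;
    patlen = strlen(pat);
    replen = strlen(rep);
    if (patlen == 0)
        return -1;              /* empty pattern would never advance */

    while (*in != '\0') {
        const char *src = in;
        size_t n = 1;           /* default: copy one input byte */

        if (strncmp(in, pat, patlen) == 0) {
            src = rep;          /* emit the replacement instead */
            n = replen;
            in += patlen;
        } else {
            in++;
        }
        /* Check before writing; keep one byte for the terminator.
         * Written as a subtraction so the comparison cannot wrap. */
        if (n > outsize - 1 - used) {
            out[0] = '\0';
            return -1;
        }
        memcpy(out + used, src, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}
```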
Apply a patch or upgrade
Apple Computer Inc. Affected
MIT Kerberos Development Team Affected
Trustix Secure Linux Affected
Microsoft Corporation Not Affected
SuSE Inc. Not Affected
WRQ Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
Guardian Digital Inc. Unknown
Heimdal Kerberos Project Unknown
Hewlett-Packard Company Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
KTH Kerberos Development Team Unknown
MontaVista Software Unknown
NEC Corporation Unknown
Openwall GNU/*/Linux Unknown
Red Hat Inc. Unknown
Sony Corporation Unknown
Sun Microsystems Inc. Unknown
Wind River Systems Inc. Unknown
This vulnerability was reported by the MIT Kerberos Development Team.
This document was written by Art Manion.
Date First Published: 2004-06-02
Date Last Updated: 2004-06-28 21:41 UTC