Credit:
The information has been provided by Jeff Blaine, Radoslav Bodo, Jakob Haufe, and Jorgen Wahlsten.
The original article can be found at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt
Vulnerable Systems:
* MIT krb5 version 1.7
Immune Systems:
* MIT krb5 version 1.7.1
A null pointer dereference can occur in an error condition in the KDC cross-realm referral processing code in MIT krb5-1.7. This can cause the KDC to crash.
This is an implementation vulnerability in MIT krb5, and is not a vulnerability in the Kerberos protocol.
Workaround:
Disable the realm referral capability by using the "no_host_referral = *" setting, e.g.

    [kdcdefaults]
        no_host_referral = *

or

    [realms]
        EXAMPLE.COM = {
            # ... other configuration settings ...
            no_host_referral = *
        }
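To confirm the workaround is in place on a KDC, the following added example (not part of the MIT advisory) parses kdc.conf text and reports, per realm, whether "no_host_referral = *" applies. It assumes that a setting in [kdcdefaults] covers every realm and that the value may be a whitespace- or comma-separated list; the function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample kdc.conf: one realm has the workaround, one does not.
SAMPLE = """\
[realms]
    EXAMPLE.COM = {
        no_host_referral = *
    }
    OTHER.EXAMPLE = {
        max_life = 10h
    }
"""

def referral_workaround_status(conf_text):
    """Return {realm: True/False}; True means 'no_host_referral = *' applies."""
    section = realm = None   # current [section] and current realm block
    depth = 0                # brace nesting inside the current section
    global_block = False     # set when [kdcdefaults] carries the setting
    realms = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                  # new top-level section
            section, realm, depth = m.group(1), None, 0
            continue
        if line.startswith("}"):               # end of a braced block
            depth = max(depth - 1, 0)
            if depth == 0:
                realm = None
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue
        if value == "{":                       # start of a braced block
            depth += 1
            if section == "realms" and depth == 1:
                realm = key
                realms.setdefault(key, False)
            continue
        if key == "no_host_referral" and "*" in re.split(r"[\s,]+", value):
            if section == "kdcdefaults":
                global_block = True
            elif section == "realms" and depth == 1 and realm:
                realms[realm] = True
    # Assumption: a [kdcdefaults] setting applies to all realms.
    return {r: (v or global_block) for r, v in realms.items()}
```

Any realm mapped to False still has referral processing enabled and needs either the setting or the patched release.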
* Apply the patch:
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 298e132..12180ff 100644
- --- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -1158,7 +1158,7 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal
*krbtgt_princ)
free(temp_buf);
if (retval) {
/* no match found */
- - kdc_err(kdc_context, retval, 0);
+ kdc_err(kdc_context, retval, "unable to find realm of
host");
goto cleanup;
}
if (realms == 0) {
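Review bot: only the kdc_err call in the "no match found" branch of prep_reprocess_req is corrected here, so any other kdc_err caller that passes 0 as the format argument still depends on the callee coping with a NULL; search the KDC sources for such calls and give each a real message string. The new text "unable to find realm of host" is also a fixed string that does not say which host the lookup failed for, which limits its value in the KDC log. As reproduced here, the added line is wrapped inside its string literal and the removed lines carry an extra "- " prefix, so the hunk has to be rejoined and unescaped before patch will accept it.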
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c index efff818..ef3735a 100644
- --- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -188,6 +188,9 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
char *cp;
char *syslogp;
+ if (whoami == NULL || format == NULL)
+ return;
+
/* Make the header */
snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
/*
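Review bot: the new guard at the top of klog_com_err_proc returns without writing anything when whoami or format is NULL, so the error code that was passed in is dropped silently and the operator sees no trace of the failing call. Consider substituting a fixed placeholder for the missing string and still logging the code, so that a caller bug like the one in do_tgs_req.c stays visible instead of being hidden. The check itself is correctly placed ahead of the snprintf that formats whoami with "%s".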
CVE Information:
CVE-2009-3295