From tlyu@MIT.EDU Fri Mar 1 00:06:20 2002
From: Tom Yu
Date: 01 Mar 2002 00:06:19 -0500
To: kerberos-announce@MIT.EDU
Subject: krb5-1.2.4 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.2.4.

This release is a patch release; some non-critical bugs and feature
requests have not been incorporated. We have focussed mainly on
important security fixes and usability fixes. Please see below for a
list of some changes since release 1.2.3, or consult the README file
in the source tree.

RETRIEVING KERBEROS 5 RELEASE 1.2.4
===================================

You may retrieve the Kerberos 5 Release 1.2.4 source from the
following URL:

http://web.mit.edu/network/kerberos-form.html

Further information about Kerberos 5 may be found at the following
URL:

http://web.mit.edu/kerberos/www/index.html

MAJOR CHANGES SINCE RELEASE 1.2.4
=================================

* The one-character bug introduced into the login.krb5 program that
  caused 8-character usernames to be rejected in some circumstances
  has been fixed.

* The handling of key version numbers has been modified in places.
  The current formats of the keytab and srvtab files, as well as
  parts of the remote kadmin protocol, handle key version numbers as
  8-bit quantities, when in fact they are 32-bit quantities; the
  modifications attempt to work around these deficiencies to some
  degree.

* Some issues with multiple enctype support in GSSAPI credential
  forwarding have been fixed.

Minor changes:

* A few compilation problems have been fixed.

* New test cases have been added to the test suite to exercise some
  of the new changes.
=========================
Tom Yu
MIT Information Systems
Kerberos Development Team

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPH8MBabDgE/zdoE9AQEPOwP+N/r/Z1VvBqsaoxajsH5TDs1bHZM6UFva
NGnQTsW988HTNLESSNuLem3tnNiLdnFZ/uydA+c1i9nhVJPmX6Y2SWdLIPYJz55G
gEkd9qp+xFvhklYD+Qc3PYCj2n15If4anwEQSK4zpYJ541e76hjTw4thPu/bH5K8
As5CZi15Px4=
=fBoI
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue Apr 30 16:32:54 2002
From: Tom Yu
Date: 30 Apr 2002 16:32:53 -0400
To: kerberos-announce@MIT.EDU
Subject: krb5-1.2.5 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.2.5.

This release is a patch release; some non-critical bugs and feature
requests have not been incorporated. Please see below for a list of
some changes since release 1.2.4, or consult the README file in the
source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.2.5
===================================

You may retrieve the Kerberos 5 Release 1.2.5 source from the
following URL:

http://web.mit.edu/network/kerberos-form.html

Further information about Kerberos 5 may be found at the following
URL:

http://web.mit.edu/kerberos/www/index.html

MAJOR CHANGES SINCE RELEASE 1.2.4
=================================

* On MacOS X and on Windows, we have reduced the set of exported
  symbol names in order to move towards a stable API in the future.

* For Heimdal (and possibly Microsoft) compatibility, we now accept
  encrypted delegated credentials in gssapi. Historically, the MIT
  implementation has sent delegated gssapi credentials "in the
  clear", but still encrypted in the AP-REQ.

* IP address checks have been removed from rd_cred; this improves
  compatibility with Heimdal.
=========================
Tom Yu
MIT Information Systems
Kerberos Development Team

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPM7/WKbDgE/zdoE9AQFzRAP/dxCJIvolA3YK+ZPquAFmAgs6cj8YBwPB
E1j6nIQB5ZN1p+k3WLnpHRsBMtChJsL92FIq4WUQn5QmpVu81jyBjDmrGMcgzaRr
BF03BQxSWRa/whBdv/frqPzNVyxSHQV0etNqgPlHduLcZB0ZBDJcGpMWq387Ff9S
cZVYU2vAEg4=
=dk+J
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Fri Aug 2 14:24:28 2002
To: kerberos-announce@MIT.EDU
Cc: bugtraq@securityfocus.com
Subject: MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin system
From: Tom Yu Date: Fri, 02 Aug 2002 14:24:24 -0400 Message-ID: Lines: 116 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: kerberos-announce-admin@mit.edu Errors-To: kerberos-announce-admin@mit.edu X-BeenThere: kerberos-announce@mit.edu X-Mailman-Version: 2.0 Precedence: bulk Reply-To: krbdev@mit.edu List-Help: List-Post: List-Subscribe: , List-Id: Kerberos announcements (moderated) List-Unsubscribe: , List-Archive: -----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2002-001 2002-08-02 Topic: Remote root vulnerability in MIT krb5 admin system Severity: Remote user may be able to gain root access to a KDC host. SUMMARY ======= There is an integer overflow bug in the SUNRPC-derived RPC library used by the Kerberos 5 administration system that could be exploited to gain unauthorized root access to a KDC host. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful. No exploits are known to exist yet. IMPACT ====== A remote attacker can potentially execute arbitrary code on the KDC with the privileges of the user running the kadmin daemon (usually root). This can lead to compromise of the Kerberos database. AFFECTED SOFTWARE ================= All releases of MIT Kerberos 5, up to and including krb5-1.2.5. FIXES ===== Apply the following patch to src/lib/rpc/xdr_array.c: Index: xdr_array.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/rpc/xdr_array.c,v retrieving revision 1.5 diff -c -r1.5 xdr_array.c *** xdr_array.c 1998/02/14 02:27:23 1.5 - --- xdr_array.c 2002/08/02 17:25:05 *************** *** 75,81 **** return (FALSE); } c = *sizep; ! if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) { return (FALSE); } nodesize = c * elsize; - --- 75,82 ---- return (FALSE); } c = *sizep; ! if ((c > maxsize || c > LASTUNSIGNED / elsize) ! && (xdrs->x_op != XDR_FREE)) { return (FALSE); } nodesize = c * elsize; and rebuild your tree. 
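Review bot: the new bound `c > LASTUNSIGNED / elsize` divides by the caller-supplied elsize, and nothing in the hunk guards against elsize being zero, so a zero element size would now fault at the check instead of reaching `nodesize = c * elsize` (where it merely produced 0). If every caller of xdr_array() passes a sizeof() and zero is impossible, say so in a comment next to the test; otherwise put `elsize == 0 ||` ahead of the division. The `xdrs->x_op != XDR_FREE` exemption is carried over to the new condition unchanged, which keeps the free path's behaviour identical to before; that is worth stating in the commit message so it is not mistaken for an oversight.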
The patch was generated against krb5-1.2.5; patches to other releases
may apply with some offset.

This patch may also be found at:

http://web.mit.edu/kerberos/www/advisories/2002-001-xdr_array_patch.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/www/advisories/2002-001-xdr_array_patch.txt.asc

This announcement and code patches related to it may be found on the
MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/www/index.html

ACKNOWLEDGMENTS
===============

Thanks to ISS for discovery of the vulnerability. Thanks to Jeffrey
Hutzelman for assistance in discovering the particulars of this bug.

DETAILS
=======

The xdr_array() decoder computes the value of the NODESIZE variable in
a way that can lead to integer overflow. An attacker can construct an
XDR encoding that will take advantage of this integer overflow in
order to overflow the allocated heap buffer, depending on the
specifics of the caller of the xdr_array() function. The uses of
xdr_array() in the kadm5 library, which implements the Kerberos 5
administration protocol, are unsafe in an environment where this bug
exists.

A remote user may be able to use the buffer overflow to execute
arbitrary code on the KDC host, possibly leading to unauthorized root
access. It is believed that the remote user must first successfully
authenticate to the kadmin daemon in order to exercise this
vulnerability, though the user may not need to possess any special
privileges.
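As an added illustration of the arithmetic described under DETAILS (example code written for this archive page, not MIT's xdr_array.c): it models the decoder's count-times-element-size computation in 32-bit unsigned arithmetic, shows the wrapped value the pre-patch code would have handed to the allocator, and applies the bound from the patch (`c > LASTUNSIGNED / elsize`, with UINT32_MAX standing in for LASTUNSIGNED). The 4-byte big-endian element count follows the XDR encoding of arrays; the maxsize and elsize values, the sample headers, and the extra elsize-is-zero guard are assumptions of the example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* XDR convention: an array is encoded as a 4-byte big-endian element
 * count followed by the elements. The decoder must size a heap buffer
 * of count * elsize bytes before it can copy the elements in. */
static uint32_t xdr_get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Pre-patch computation: nodesize = c * elsize in 32-bit unsigned
 * arithmetic, guarded only by c > maxsize. Returns the (possibly
 * wrapped) byte count that would have reached the allocator, or 0
 * when the original maxsize check rejects the count. */
uint32_t unchecked_nodesize(uint32_t c, uint32_t maxsize, uint32_t elsize)
{
    if (c > maxsize)
        return 0;
    return c * elsize;   /* wraps silently once c * elsize > UINT32_MAX */
}

/* Hardened computation from the advisory's patch: reject any count for
 * which c * elsize would leave the unsigned range. Returns -1 on
 * rejection, otherwise the byte count (0..UINT32_MAX). The elsize == 0
 * guard is an assumption added here, not part of the published patch. */
int64_t checked_nodesize(uint32_t c, uint32_t maxsize, uint32_t elsize)
{
    if (elsize == 0)
        return -1;
    if (c > maxsize || c > UINT32_MAX / elsize)
        return -1;
    return (int64_t)(c * elsize);   /* cannot wrap: c <= UINT32_MAX / elsize */
}

/* Decode the count from a constructed array header and run both paths,
 * so the difference is visible on one input. Returns the checked result. */
int64_t decode_array_header(const unsigned char *hdr, uint32_t maxsize,
                            uint32_t elsize, uint32_t *wrapped)
{
    uint32_t c = xdr_get_u32(hdr);
    *wrapped = unchecked_nodesize(c, maxsize, elsize);
    return checked_nodesize(c, maxsize, elsize);
}

int main(void)
{
    /* Constructed headers: 0x40000001 elements passes a permissive
     * maxsize, but 0x40000001 * 4 wraps to 4 in 32-bit arithmetic;
     * 16 elements is an ordinary well-formed array. */
    static const unsigned char hostile[4] = {0x40, 0x00, 0x00, 0x01};
    static const unsigned char benign[4]  = {0x00, 0x00, 0x00, 0x10};
    uint32_t wrapped;
    int64_t safe;

    safe = decode_array_header(hostile, UINT32_MAX, 4, &wrapped);
    printf("hostile: old nodesize=%u checked=%lld\n", wrapped, (long long)safe);
    safe = decode_array_header(benign, UINT32_MAX, 4, &wrapped);
    printf("benign:  old nodesize=%u checked=%lld\n", wrapped, (long long)safe);
    return 0;
}
```

The point of carrying both computations side by side is that the old code's allocator request for the hostile header is 4 bytes, a perfectly normal-looking size, which is why the overflow was not caught by any sanity check on the allocation itself; the bound has to be applied to the count before the multiplication.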
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBPUrNEqbDgE/zdoE9AQHSPgQAlGS7HO8TZ1BHwek+niF5hA7exEt9Z8IA
fvxGpqirHciJQTfmBUiJhXhCTqosFgftQzt9KyvXmfMS3InZxAEmB7ahkevuBYkO
FvfWyA3Ew8J3bGhBJis1xTMFebb1N0crDH3rRjUGZApQ7uJNZ+9nQo41+P0+z3uD
yqpAbP9HTnw=
=MqNV
-----END PGP SIGNATURE-----

From mjv@MIT.EDU Fri Aug 23 17:41:56 2002
From: Marshall Vale
Date: Fri, 23 Aug 2002 17:30:30 -0400
To: kerberos-announce@MIT.EDU
Cc: krbdev@MIT.EDU
Subject: Kerberos for Macintosh 4.0.2 released

The MIT MacDev team is pleased to announce the availability of
Kerberos for Macintosh 4.0.2.

This release is available from the MIT Kerberos site: Follow the
"Getting Kerberos from MIT" link.

All feedback and bug reports for Kerberos for Macintosh 4.0.2 should
be sent to

Overview
--------

Kerberos for Macintosh 4.0.2 is a maintenance update release for both
Mac OS 8 & 9 and Mac OS X. The distribution download includes both
KfM 4.0.2 for Mac OS 8 & 9 and KfM 4.0.2 for Mac OS X. Both
installers and separate binaries are included in the distribution.

Kerberos for Macintosh 4.0.2 for Mac OS 8 & 9 requires a PowerPC
Macintosh with Mac OS 8.1 or later. KfM 4.0.2 for Mac OS X requires
Mac OS X 10.1.2 through 10.1.5; KfM 4.0.2 is not compatible with
Mac OS X 10.2 ("Jaguar"), which ships with a later version of KfM.
On 10.2, use the built-in Kerberos together with the Mac OS X 10.2
Kerberos Extras instead.

This is a final release, and does not expire.

Changes since Kerberos For Macintosh 4.0.1
------------------------------------------

* Mac OS X/9: Changes to Classic ticket sharing for compatibility
  with Mac OS X 10.2 Kerberos
* Mac OS X/9: Memory leak when destroying tickets fixed
* Mac OS X: Pasting password into Kerberos Login dialog now enables
  OK button.

Ticket Sharing Between Mac OS X and Classic
-------------------------------------------

The ticket sharing in KfM 4.0.2 for Mac OS 8 & 9 is compatible with
both KfM 4.0.2 for Mac OS X on Mac OS X 10.1, and with the built-in
Kerberos of Mac OS X 10.2.

If you are using Classic ticket sharing on Mac OS X 10.2, it is
essential that you upgrade to KfM 4.0.2 on the Classic side.

KfM 4.0.2 for Mac OS 8 & 9 is not compatible with KfM 4.0 for Mac OS
X; if you upgrade to KfM 4.0.2 on the Classic side, you must upgrade
your Mac OS X side to KfM 4.0.2 as well. However, it is not critical
to upgrade to KfM 4.0.2 if you are still using Mac OS X 10.1.

When an application running under Classic needs to display the
Kerberos Login dialog, the Mac OS X dialog will appear. The Mac OS 9
version of KfM 4.0.2 detects whether it is running under Mac OS
X/Classic or regular Mac OS 9.x and automatically enables support for
ticket sharing when possible.

Distribution Info
-----------------

At this point in time, this release is available as a single package
which includes installers, binaries, and SDKs. The installers install
binaries for people to use with their applications in their
environments. The separate binaries are intended for sites who need
to create their own installers. The SDKs are for application and
library programmers to add Kerberos functionality to their code or
update to newer versions of the various Kerberos APIs.
From mjv@MIT.EDU Fri Aug 23 17:43:29 2002
From: Marshall Vale
Date: Fri, 23 Aug 2002 17:41:45 -0400
To: kerberos-announce@MIT.EDU
Cc: krbdev@MIT.EDU
Subject: Mac OS X 10.2 Kerberos Extras released

The MIT MacDev team is pleased to announce the availability of Mac OS
X 10.2 Kerberos Extras.

This package is available from the MIT Kerberos for Macintosh site:

All feedback and bug reports for Mac OS X 10.2 Kerberos Extras should
be sent to

Overview
--------

While Mac OS X 10.2 ships with most parts of Kerberos for Macintosh,
it does not include support for CFM-based Kerberos-using applications
(such as Eudora and Fetch), and the GUI Kerberos management
application is located in a hard-to-find location.

The Mac OS X 10.2 Kerberos Extras installer will install the Kerberos
CFM support library and make an alias to the GUI Kerberos Management
application in /Applications/Utilities (the Kerberos application
ships in /System/Library/CoreServices). The installer will also
install a sample preferences file (edu.mit.Kerberos) if one does not
already exist.

The Mac OS X 10.2 Kerberos Extras requires a Macintosh computer with
Mac OS X 10.2.

Distribution Info
-----------------

This release is available as a single installer which installs the
client binaries. Source for the installer, for sites to customize if
necessary, will be released soon.
From tlyu@MIT.EDU Thu Sep 12 17:19:19 2002
From: Tom Yu
Date: Thu, 12 Sep 2002 17:19:14 -0400
To: kerberos-announce@MIT.EDU
Subject: krb5-1.2.6 is released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.2.6.

This release is a patch release; some non-critical bugs and feature
requests have not been incorporated. Please see below for a list of
some changes since release 1.2.5, or consult the README file in the
source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.2.6
===================================

You may retrieve the Kerberos 5 Release 1.2.6 source from the
following URL:

http://web.mit.edu/network/kerberos-form.html

Further information about Kerberos 5 may be found at the following
URL:

http://web.mit.edu/kerberos/www/index.html

MAJOR CHANGES SINCE RELEASE 1.2.5
=================================

* The security vulnerability in xdr_array() [MITKRB5-SA-2002-001] has
  been patched. Thanks to Jeffrey Hutzelman and Nikolai Zeldovich.

* A NULL pointer dereference in kadmind has been fixed
  [krb5-admin/1140]. Thanks to Mark Levinson.

* There was a botched buffer overflow patch in kadmind4 that caused
  problems with kadmind4 acl handling. It has been fixed. Thanks to
  Mark Silis.

* Correct ETYPE_INFO padata are now generated. Thanks to Lubos
  Kejzlar.

* A bug in AFS salt handling has been worked around.
  [krb5-clients/1146] Thanks to Wolfgang Friebel.
* Various fixes have been made to the principal database code to
  prevent some types of database corruption, and rudimentary repair
  facilities for certain types of corruption now exist.

=========================
Tom Yu
MIT Information Systems
Kerberos Development Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard

iD8DBQE9gQTWSO8fWy4vZo4RAiq9AKC1//Lz+xqqEYUzYbjqklvU5oJNAQCfU590
blCuBpTSbrcS+HFw3uCQ5MM=
=09f7
-----END PGP SIGNATURE-----

From mjv@MIT.EDU Thu Sep 26 15:47:14 2002
From: Marshall Vale
Date: Thu, 26 Sep 2002 15:48:11 -0400
To: kerberos-announce@MIT.EDU
Cc: krbdev@MIT.EDU
Subject: Kerberos for Macintosh 4.0.3 released

The MIT MacDev team is pleased to announce the availability of
Kerberos for Macintosh 4.0.3.

This release is available from the MIT Kerberos site: Follow the
"Getting Kerberos Sources and Binaries from MIT" link.

All feedback and bug reports for Kerberos for Macintosh 4.0.3 should
be sent to

Overview
--------

Kerberos for Macintosh 4.0.3 is a maintenance update release for both
Mac OS 8 & 9 and Mac OS X 10.1. The distribution download includes
both KfM 4.0.3 for Mac OS 8 & 9 and KfM 4.0.3 for Mac OS X 10.1.
Both installers and separate binaries are included in the
distribution.

This is a final release, and does not expire. Installer source will
follow soon.

System Requirements
-------------------

Kerberos for Macintosh 4.0.3 for Mac OS 8 & 9 requires a PowerPC
Macintosh with Mac OS 8.1 or later.

KfM 4.0.3 for Mac OS X requires Mac OS X 10.1.2 through 10.1.5.
KfM 4.0.3 for Mac OS X is not compatible with Mac OS X 10.2
("Jaguar"), which ships with a later version of KfM. On 10.2, use the
built-in Kerberos together with the Mac OS X 10.2 Kerberos Extras
instead.

Changes since Kerberos For Macintosh 4.0.2
------------------------------------------

* Mac OS 9: Fixed typing slow-down in other applications when you had
  Kerberos tickets.
* Mac OS 9: Preferences tabs of Kerberos Control Panel are labelled
  correctly under Classic.
* Mac OS X/9: Improved ticket sharing synchronization issues when
  using the Kerberos Menu under Classic.

Ticket Sharing Between Mac OS X and Classic
-------------------------------------------

The ticket sharing in KfM 4.0.3 for Mac OS 8 & 9 is compatible with
both KfM 4.0.3 for Mac OS X on Mac OS X 10.1, and with the built-in
Kerberos of Mac OS X 10.2.

If you are using Classic ticket sharing on Mac OS X 10.2, it is
essential that you upgrade to KfM 4.0.3 on the Classic side.

KfM 4.0.3 for Mac OS 8 & 9 is not compatible with KfM 4.0 for Mac OS
X 10.1; if you upgrade to KfM 4.0.3 on the Classic side, you must
upgrade your Mac OS X 10.1 side to KfM 4.0.3 as well.

When an application running under Classic needs to display the
Kerberos Login dialog, the Mac OS X dialog will appear. The Mac OS 9
version of KfM 4.0.3 detects whether it is running under Mac OS
X/Classic or regular Mac OS 9.x and automatically enables support for
ticket sharing when possible.

Distribution Info
-----------------

At this point in time, this release is available as a single package
which includes installers, binaries, and SDKs. The installers install
binaries for people to use with their applications in their
environments. The separate binaries are intended for sites who need
to create their own installers. The SDKs are for application and
library programmers to add Kerberos functionality to their code or
update to newer versions of the various Kerberos APIs.
From tlyu@MIT.EDU Wed Oct 23 00:06:28 2002
From: Tom Yu
Date: Wed, 23 Oct 2002 00:06:25 -0400
To: kerberos-announce@MIT.EDU
Cc: bugtraq@securityfocus.com
Subject: MITKRB5-SA-2002-002: Buffer overflow in kadmind4

-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2002-002

2002-10-22

Topic: Buffer overflow in kadmind4

Severity: CRITICAL - Remote user can gain root access to KDC host.

SUMMARY
=======

A stack buffer overflow in the implementation of the Kerberos v4
compatibility administration daemon (kadmind4) in the MIT krb5
distribution can be exploited to gain unauthorized root access to a
KDC host. The attacker does not need to authenticate to the daemon to
successfully perform this attack. At least one exploit is known to
exist in the wild.

The kadmind4 supplied with MIT krb5 is intended for use in sites that
require compatibility with legacy administrative clients; sites that
do not have this requirement are not likely to be running this
daemon.

IMPACT
======

A remote attacker can execute arbitrary code on the KDC with the
privileges of the user running kadmind4 (usually root). This can lead
to compromise of the Kerberos database.

AFFECTED SOFTWARE
=================

* All releases of MIT Kerberos 5, up to and including krb5-1.2.6.

* All Kerberos 4 implementations derived from MIT Kerberos 4,
  including Cygnus Network Security (CNS).
FIXES ===== Apply the following patch to src/kadmin/v4server/kadm_ser_wrap.c: Index: kadm_ser_wrap.c =================================================================== RCS file: /cvs/krbdev/krb5/src/kadmin/v4server/kadm_ser_wrap.c,v retrieving revision 1.10.4.1 diff -c -r1.10.4.1 kadm_ser_wrap.c *** kadm_ser_wrap.c 2000/05/23 21:44:50 1.10.4.1 - --- kadm_ser_wrap.c 2002/10/22 22:07:11 *************** *** 170,183 **** u_char *retdat, *tmpdat; int retval, retlen; ! if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { errpkt(dat, dat_len, KADM_BAD_VER); return KADM_BAD_VER; } in_len = KADM_VERSIZE; /* get the length */ ! if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) return KADM_LENGTH_ERROR; in_len += retc; authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(krb5_ui_4); memcpy((char *)authent.dat, (char *)(*dat) + in_len, authent.length); - --- 170,190 ---- u_char *retdat, *tmpdat; int retval, retlen; ! if ((*dat_len < KADM_VERSIZE + sizeof(krb5_ui_4)) ! || strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { errpkt(dat, dat_len, KADM_BAD_VER); return KADM_BAD_VER; } in_len = KADM_VERSIZE; /* get the length */ ! if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0 ! || (r_len > *dat_len - KADM_VERSIZE - sizeof(krb5_ui_4)) ! || (*dat_len - r_len - KADM_VERSIZE - ! sizeof(krb5_ui_4) > sizeof(authent.dat))) { ! errpkt(dat, dat_len, KADM_LENGTH_ERROR); return KADM_LENGTH_ERROR; + } + in_len += retc; authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(krb5_ui_4); memcpy((char *)authent.dat, (char *)(*dat) + in_len, authent.length); The patch was generated against krb5-1.2.6; patches to other releases may apply with some offset. 
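Review bot: the three new length conditions depend on short-circuit order. `r_len > *dat_len - KADM_VERSIZE - sizeof(krb5_ui_4)` must run before `*dat_len - r_len - KADM_VERSIZE - sizeof(krb5_ui_4) > sizeof(authent.dat)`, because only the first guarantees the second subtraction cannot go negative; a one-line comment on that dependency would stop a later reorder from silently reintroducing the overflow. The same comment should note that `sizeof` makes the right-hand side unsigned, so a negative r_len (if r_len is a signed type) is promoted to a large unsigned value and rejected by the first test; that promotion is what the check relies on, and it is not obvious from the source.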
This patch may also be found at:

http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_patch.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_patch.txt.asc

This announcement and code patches related to it may be found on the
MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/www/index.html

ACKNOWLEDGMENTS
===============

Thanks to Johan Danielsson and Love Hornquist-Astrand for alerting us
to this problem and providing us with an initial patch. Thanks to
Assar Westerlund for further assistance in developing the patch.

DETAILS
=======

The function kadm_ser_in() is passed an allocated buffer (containing
a request read from the network) and its length. From this buffer, it
reads an 8-byte version string followed by a 4-byte length. This
length field is not checked; an attacker can construct a request that
will cause authent.length to become negative or to become greater
than sizeof(authent.dat). Both cases can cause the following call to
memcpy() to overflow authent.dat, which is a buffer on the stack.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBPbYaj6bDgE/zdoE9AQHYRwP9GJFVcvLfyOgeAXEpWqnQS/RdH5PwOCoi
7+6P2jILef1glCfqNmGfJK2kCh5pN8cioplYUgG2XLC1ATHSQoy18ldByfeU9mwJ
ae5GV0K8v7LifpMqPobxCHQdzNi02xjZtiLbQTH/8ACtYLn+rS7ZbtfrVti5bWy9
juJ+NZDS4RA=
=5VQa
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Fri Oct 25 20:11:51 2002
From: Tom Yu
Date: Fri, 25 Oct 2002 20:11:51 -0400
To: kerberos-announce@MIT.EDU
Cc: bugtraq@securityfocus.com
Subject: Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4

-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2002-002 [updated]

2002-10-25 [updated; revision history at end]
Original Release Date: 2002-10-22

Topic: Buffer overflow in kadmind4

Severity: CRITICAL - Remote user can gain root access to KDC host.

SUMMARY
=======

A stack buffer overflow in the implementation of the Kerberos v4
compatibility administration daemon (kadmind4) in the MIT krb5
distribution can be exploited to gain unauthorized root access to a
KDC host. The attacker does not need to authenticate to the daemon to
successfully perform this attack. At least one exploit is known to
exist in the wild, and at least one attacker is reasonably competent
at cleaning up traces of intrusion.

The kadmind4 supplied with MIT krb5 is intended for use in sites that
require compatibility with legacy administrative clients; sites that
do not have this requirement are not likely to be running this
daemon.

IMPACT
======

A remote attacker can execute arbitrary code on the KDC with the
privileges of the user running kadmind4 (usually root). This can lead
to compromise of the Kerberos database.

AFFECTED SOFTWARE
=================

* All releases of MIT Kerberos 5, up to and including krb5-1.2.6.

* All Kerberos 4 implementations derived from MIT Kerberos 4,
  including Cygnus Network Security (CNS). This includes KTH
  Kerberos 4 (eBones). See CERT advisory CA-2002-29.

* KTH Heimdal has a similar vulnerability, if Kerberos 4
  compatibility is compiled. See CERT advisory CA-2002-29.
FIXES
=====

Apply the following patch to src/kadmin/v4server/kadm_ser_wrap.c:

Index: kadm_ser_wrap.c =================================================================== RCS file: /cvs/krbdev/krb5/src/kadmin/v4server/kadm_ser_wrap.c,v retrieving revision 1.10.4.1 diff -c -r1.10.4.1 kadm_ser_wrap.c *** kadm_ser_wrap.c 2000/05/23 21:44:50 1.10.4.1 - --- kadm_ser_wrap.c 2002/10/22 22:07:11 *************** *** 170,183 **** u_char *retdat, *tmpdat; int retval, retlen; ! if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { errpkt(dat, dat_len, KADM_BAD_VER); return KADM_BAD_VER; } in_len = KADM_VERSIZE; /* get the length */ ! if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) return KADM_LENGTH_ERROR; in_len += retc; authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(krb5_ui_4); memcpy((char *)authent.dat, (char *)(*dat) + in_len, authent.length); - --- 170,190 ---- u_char *retdat, *tmpdat; int retval, retlen; ! if ((*dat_len < KADM_VERSIZE + sizeof(krb5_ui_4)) ! || strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { errpkt(dat, dat_len, KADM_BAD_VER); return KADM_BAD_VER; } in_len = KADM_VERSIZE; /* get the length */ ! if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0 ! || (r_len > *dat_len - KADM_VERSIZE - sizeof(krb5_ui_4)) ! || (*dat_len - r_len - KADM_VERSIZE - ! sizeof(krb5_ui_4) > sizeof(authent.dat))) { ! errpkt(dat, dat_len, KADM_LENGTH_ERROR); return KADM_LENGTH_ERROR; + } + in_len += retc; authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(krb5_ui_4); memcpy((char *)authent.dat, (char *)(*dat) + in_len, authent.length);

The patch was generated against krb5-1.2.6; patches to other releases may apply with some offset.
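Review bot: the order of the three `||` operands in the new length check is load-bearing and deserves a comment in the code: `*dat_len - r_len - KADM_VERSIZE - sizeof(krb5_ui_4) > sizeof(authent.dat)` is only free of unsigned wrap-around because the preceding operand `r_len > *dat_len - KADM_VERSIZE - sizeof(krb5_ui_4)` has already rejected any r_len larger than the payload, so a later reordering would silently bring the overflow back. The visible lines also do not show the declared type of `*dat_len`; since `sizeof` makes each comparison unsigned, a negative value would be promoted past the new `*dat_len < KADM_VERSIZE + sizeof(krb5_ui_4)` guard, so either an explicit `*dat_len < 0` test in front or a comment stating that callers guarantee a non-negative length would close that gap.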
This patch may also be found at:

http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_patch.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_patch.txt.asc

This announcement and code patches related to it may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/www/index.html

ACKNOWLEDGMENTS
===============

Thanks to Johan Danielsson and Love Hornquist-Astrand for alerting us to this problem and providing us with an initial patch. Thanks to Assar Westerlund for further assistance in developing the patch.

DETAILS
=======

The function kadm_ser_in() is passed an allocated buffer (containing a request read from the network) and its length. From this buffer, it reads an 8-byte version string followed by a 4-byte length. This length field is not checked; an attacker can construct a request that will cause authent.length to become negative or to become greater than sizeof(authent.dat). Both cases can cause the following call to memcpy() to overflow authent.dat, which is a buffer on the stack.
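The length arithmetic described in the DETAILS section, as an added example in C that is not code from the advisory or from the MIT krb5 tree: a stand-alone parser for the request layout the advisory describes (8-byte version string, 4-byte length, authenticator, encrypted body), carrying the same three checks the patch adds (header present, claimed length within the packet, derived authenticator length within the fixed buffer), plus two helpers that feed it constructed packets. The constants KADM_VERSTR and MAX_KTXT_LEN, the big-endian length field, and every function name are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constants assumed for this example; the real definitions live in the krb4
 * headers and are not quoted in the advisory. */
#define KADM_VERSTR   "KADM0.0A"   /* assumed 8-byte version string */
#define KADM_VERSIZE  8
#define KADM_LENSIZE  4            /* the 4-byte length field the advisory describes */
#define MAX_KTXT_LEN  1250         /* assumed capacity of authent.dat */

enum kadm_parse_status {
    KADM_PARSE_OK = 0,
    KADM_PARSE_BAD_VER = 1,
    KADM_PARSE_LENGTH_ERROR = 2
};

struct kadm_authent {
    size_t length;
    unsigned char dat[MAX_KTXT_LEN];   /* fixed buffer, as in the advisory */
};

/* Read the 4-byte length; big-endian wire order is an assumption here. */
static uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse one request: version(8) | enc_len(4) | authenticator | encrypted body.
 * The authenticator length is not carried in the packet; it is derived as
 * dat_len - 12 - enc_len, the arithmetic the advisory says was unchecked.
 * Every check runs before a single byte is copied into the fixed buffer. */
enum kadm_parse_status
kadm_parse_request(const unsigned char *dat, size_t dat_len,
                   struct kadm_authent *authent,
                   const unsigned char **enc_body, size_t *enc_len)
{
    const size_t header = KADM_VERSIZE + KADM_LENSIZE;
    size_t remaining, claimed, authent_len;

    /* Check 1: the fixed header must be present before it is read at all. */
    if (dat_len < header || memcmp(dat, KADM_VERSTR, KADM_VERSIZE) != 0)
        return KADM_PARSE_BAD_VER;

    claimed = load_be32(dat + KADM_VERSIZE);
    remaining = dat_len - header;           /* cannot wrap after check 1 */

    /* Check 2: the claimed body cannot exceed what actually arrived; this is
     * the test that rejects a "negative" authenticator length such as 0xFFFFFFFF. */
    if (claimed > remaining)
        return KADM_PARSE_LENGTH_ERROR;

    /* Check 3: what is left for the authenticator must fit its buffer. */
    authent_len = remaining - claimed;      /* cannot wrap after check 2 */
    if (authent_len > sizeof(authent->dat))
        return KADM_PARSE_LENGTH_ERROR;

    memcpy(authent->dat, dat + header, authent_len);
    authent->length = authent_len;
    *enc_body = dat + header + authent_len;
    *enc_len = claimed;
    return KADM_PARSE_OK;
}

/* Constructed scratch packet shared by the two helpers below. */
static unsigned char pkt[KADM_VERSIZE + KADM_LENSIZE + 2048];

/* Build a constructed request: alen bytes of 'A' as the authenticator, blen
 * bytes of 'B' as the body, and whatever claimed_len the caller wants in the
 * header (it need not match blen; that is how malformed input is modelled). */
static size_t build_request(size_t alen, size_t blen, uint32_t claimed_len)
{
    size_t n = 0;
    if (alen + blen > 2048)                 /* keep the constructed input in bounds */
        alen = blen = 0;
    memcpy(pkt, KADM_VERSTR, KADM_VERSIZE);  n += KADM_VERSIZE;
    pkt[n++] = (unsigned char)(claimed_len >> 24);
    pkt[n++] = (unsigned char)(claimed_len >> 16);
    pkt[n++] = (unsigned char)(claimed_len >> 8);
    pkt[n++] = (unsigned char)(claimed_len);
    memset(pkt + n, 'A', alen);  n += alen;
    memset(pkt + n, 'B', blen);  n += blen;
    return n;
}

/* Parser verdict on a constructed request, optionally truncated to trunc
 * bytes (0 means deliver the whole packet). */
enum kadm_parse_status
kadm_request_status(size_t alen, size_t blen, uint32_t claimed_len, size_t trunc)
{
    struct kadm_authent authent;
    const unsigned char *body;
    size_t body_len, n = build_request(alen, blen, claimed_len);

    if (trunc != 0 && trunc < n)
        n = trunc;
    return kadm_parse_request(pkt, n, &authent, &body, &body_len);
}

/* Authenticator length the parser accepted, or -1 if it rejected the request. */
long kadm_request_authent_len(size_t alen, size_t blen, uint32_t claimed_len)
{
    struct kadm_authent authent;
    const unsigned char *body;
    size_t body_len, n = build_request(alen, blen, claimed_len);

    if (kadm_parse_request(pkt, n, &authent, &body, &body_len) != KADM_PARSE_OK)
        return -1;
    return (long)authent.length;
}
```

Checking the claimed length against the bytes that actually arrived, before the authenticator length is derived from it, is what keeps the subtraction from wrapping; the trunc parameter models a datagram cut short in transit, which is rejected by the same check rather than by anything specific to truncation.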
A note containing descriptions of possible attack signatures is at:

http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt

REVISION HISTORY
================

2002-10-22 original release
2002-10-25 added pointer to note on attack signature, KTH eBones/Heimdal note, and pointer to CERT advisory

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBPbnbF6bDgE/zdoE9AQGwAwQAnmt3jbChHjsaimhlAeJQtakWZmRmevwF
M9GkzRyG4ORuWhsTA9ytyRhp9K4QMo+SePBvcNsBuqRJHVwORGu+agau96QMXXfR
BhoMlIRqWlWuCsf8wwv+t9FKTdDxrn7+j2jLi9zKB+1MtDp3ENR83C1ee3nzFBe4
kgpaxxGid0Q=
=gn6W
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Fri Nov 15 16:43:02 2002
To: kerberos-announce@MIT.EDU
Subject: krb5-1.2.7 is released
From: Tom Yu
Date: Fri, 15 Nov 2002 16:43:00 -0500

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.2.7.

This release is a patch release; some non-critical bugs and feature requests have not been incorporated. Please see below for a list of some changes since release 1.2.6, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.2.7
===================================

You may retrieve the Kerberos 5 Release 1.2.7 source from the following URL:

http://web.mit.edu/network/kerberos-form.html

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/www/index.html

MAJOR CHANGES SINCE RELEASE 1.2.6
=================================

* [1238] The exploitable buffer overflow in kadmind4 [MITKRB5-SA-2002-002] has been patched. Thanks to Johan Danielsson, Love Hornquist-Astrand, and Assar Westerlund.

* [1230, 1236] Hierarchical cross-realm has been repaired somewhat. Terminating NUL characters are no longer generated, and are ignored on receipt.
=========================
Tom Yu
MIT Information Systems
Kerberos Development Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard

iQCVAwUBPdVpQabDgE/zdoE9AQFnYAQAx3JajKLkuOzwo1Bccahk1q+KXH9RBAXz
11uC+K9eFwCh8s4tGthykWym6lYWfCrDvRbYsv/+E0tW3E64fBqwvvbi2AanT42c
+nww4HbDhVvzoP1L8/TSPoUXoU4Tf25pejQ9hRzsNTQqh6Npnitt+AuIpqx30HX2
TJr2NAFam9Y=
=d1B4
-----END PGP SIGNATURE-----

From raeburn@MIT.EDU Tue Jan 28 16:59:58 2003
To: kerberos-announce@MIT.EDU
From: Ken Raeburn
Date: Tue, 28 Jan 2003 16:58:13 -0500
Cc: bugtraq@securityfocus.com
Subject: MITKRB5-SA-2003-001: Multiple vulnerabilities in old releases of MIT Kerberos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5 Security Advisory 2003-001

Original Release Date: 2003-01-28

Topic: Multiple vulnerabilities in old releases of MIT Kerberos

Severity: CRITICAL: Remote user can crash KDC, and may be able to forge non-local identities and compromise the KDC or application servers.

SUMMARY
=======

Multiple vulnerabilities have been found in MIT Kerberos 5 releases prior to release 1.2.5. MIT recommends updating to 1.2.7 if possible.

IMPACT
======

* A remote user can crash the KDC.

* A user authenticated in a remote realm may be able to claim to be other non-local users to an application server.

* It may be possible for a user to gain access to the KDC system and database.

AFFECTED SOFTWARE
=================

* All releases of MIT Kerberos 5 before 1.2.5.

FIX
===

MIT recommends updating to release 1.2.5 or later, preferably to the latest release. Patches specifically to fix these problems are not available at this time.
This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/www/index.html

ACKNOWLEDGMENTS
===============

Thanks to greg pryzby, Joseph Sokol-Margolis, Gerald Britton, E. Larry Lidz, and CERT for reporting these problems.

DETAILS
=======

Problem 1: KDC null pointer dereferences
________________________________________

Certain protocol requests, compliant with the protocol encoding scheme but indicative of a client system most likely configured incorrectly, can crash a KDC with a null pointer dereference. We do not believe any exploit to gain access to the KDC or otherwise alter its behavior is possible on systems without storage mapped at address zero. We have not explored the effects of this on a system with mapped memory at address zero.

The fallback and retransmit algorithm used in the MIT krb5 library will cause an application not receiving a reply from a KDC to try other KDCs in the same realm; it will iterate through this list a few times, or until it gets a response. Thus, one client may take down multiple KDCs.

We believe this vulnerability is limited to the TGS-REQ exchange, that is, cases where the user has already authenticated to the KDC or one with which it shares inter-realm keys. So (ignoring cases of well-known passwords) there is an audit trail of sorts, even if it has to be dug out of a core file, and it is not a simple, scriptable attack against KDCs in general.

Workarounds:

- Start your KDC from inittab or a loop in a shell script. (The inittab approach may not work well if the KDC is crashed too often in a short span of time.)

Thanks to greg pryzby for reporting this problem.

Problem 2: realm transit checks
_______________________________

Realms with shared keys can impersonate people in other non-local realms in certain cases.
It may be exploitable in various ways if non-local principal names are on critical ACLs. This vulnerability affects both the KDC and Kerberos application servers.

This problem was fixed in the 1.2.3 release. That release also added a flag to the KDC config file that can be set to refuse untrusted cross-realm authentication, in case application servers cannot be updated quickly enough. This is not recommended as a long-term solution, because the current model we use says that the application server is responsible for doing this validation, which allows (for example) a service on a specific machine (perhaps one set up for software testing) to be configured to know about authentication paths known to the maintainer of the service, even if the maintainer of the KDC does not trust these paths for general use within the realm. Enforcing this limitation in the KDC takes this option away from the maintainers of individual machines.

Workarounds:

- Delete or change inter-realm keys so inter-realm authentication is disabled.

- Remove all non-local principals from all critical ACLs in services using old MIT Kerberos code to validate the realm transit path.

Thanks to Joseph Sokol-Margolis and Gerald Britton for finding this problem.

Problem 3: format strings
_________________________

Older versions of the MIT KDC used strings containing Kerberos principal names as printf-style format strings in logging routines. At least some cases do not require successful authentication, so this can be used as a remote, anonymous attack. It is easy to crash the KDC with this exploit. We do not know of any exploits to gain access to the host system, but we do not rule out the possibility.

Workarounds: See under problem 1. ***However, these do not address the host access possibility.***

Thanks to E. Larry Lidz for discovering this problem.
Problem 4: bounds checking on data sizes
________________________________________

Some of our code does not do bounds checking on lengths before allocating storage. On some systems, attempting to allocate large negative amounts of storage can crash the program. Thus, some bogus packets may crash the KDC or an application server using Kerberos. We do not believe this can be exploited to gain access to the host system.

Workarounds:

- start KDC in a loop in a script, or from inittab
- do likewise for any server processes that need to handle multiple client connections

Thanks to CERT for bringing this to our attention.

REVISION HISTORY
================

2003-01-28 original release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+Nvz7UqOaDMQ+e5gRAsTXAKDnR5W9BAF29BN+LTA6Vf0VE8IEaACffUxa
q3ZwHRinV/lW5Hc1pgvxI3U=
=KrXi
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Mon Mar 17 03:20:58 2003
To: kerberos-announce@mit.edu
From: Tom Yu
Date: Mon, 17 Mar 2003 03:20:57 -0500
Cc: bugtraq@securityfocus.com
Subject: MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol

-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2003-004

2003-03-17

Topic: Cryptographic weaknesses in Kerberos v4 protocol

Severity: CRITICAL

SUMMARY
=======

A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure.

Kerberos version 5 does not contain this cryptographic vulnerability.

Sites are not vulnerable if they have Kerberos v4 completely disabled, including the disabling of any krb5 to krb4 translation services.

IMPACT
======

* An attacker controlling a krb4 shared cross-realm key can impersonate any principal in the remote realm to any service in the remote realm. This can lead to root-level compromise of a KDC, along with compromise of any hosts that rely on authentication provided by that KDC.

* This attack may be performed against cross-realm principals, thus allowing an attacker to hop realms and compromise any realm that transitively shares a cross-realm key with the attacker's local realm.
* Related, but more difficult attacks may be possible without requiring the control of a shared cross-realm key. At the very least, an attacker capable of creating arbitrary principal names in the target realm may be able to perform the attack.

* An attacker may impersonate any principal to a service keyed with triple-DES krb4 keys, given the ability to capture network traffic containing tickets for the target client principal.

* A leak has occurred of an unpublished paper containing enough details about the vulnerability that an attacker familiar with the krb4 protocol can easily construct an exploit. No exploit is known to be circulating at this time, though.

AFFECTED SOFTWARE
=================

* These are protocol vulnerabilities; ALL implementations of vulnerable functionality are vulnerable.

* All implementations of the Kerberos version 4 Key Distribution Center that allow cross-realm authentication are vulnerable.

* All implementations of the Kerberos version 5 Key Distribution Center that also implement a KDC for the Kerberos version 4 protocol and use the same keys for version 4 and version 5 are vulnerable.

* MIT implementations of krb5 that include support for triple-DES keys in krb4 are vulnerable.

FIX
===

* These are PROTOCOL vulnerabilities; fixes inherently involve restricting the functionality of the protocol.

* If you are using the implementation of krb4 contained in the MIT krb5, apply the patch kit, which is available at

http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz

The detached PGP signature of the patch kit is available at

http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.sig

* Release 1.3 of MIT krb5 will include a fix. The fix has also been committed to our development source tree.
* If you are running MIT release krb5-1.2.6 or later, and you are unable to patch your production code, setting the DISALLOW_ALL_TIX or the DISALLOW_SVR attributes on all cross-realm principals should disable cross-realm authentication without losing key information. This will, of course, cause loss of krb5 cross-realm functionality. Note that the functionality of these principal attributes has not been extensively tested.

* If using the Kerberos v4 implementation contained in MIT krb5, and you are unable to patch your production systems, cease use of triple-DES keys for Kerberos v4 services.

* If using a different implementation of krb4, disable all krb4 cross-realm functionality, both in KDC implementations and in any krb524d implementations.

* A possible workaround is to randomize all cross-realm keys. This should be considered to be a last resort, as re-establishing cross-realm keys can be time-consuming, and krb5 cross-realm functionality will be lost.

* The following text describes the patch kit for the MIT krb5 implementation.

PATCH KIT DESCRIPTION
=====================

** FLAG DAY REQUIRED **

One of the things we decided to do (and must do for security reasons) was drop support for the 3DES krb4 TGTs. Unfortunately the current code will only accept 3DES TGTs if it issues 3DES TGTs. Since the new code issues only DES TGTs, the old code will not understand its v4 TGTs if the site has a 3DES key available for the krbtgt principal. The new code will understand and accept both DES and 3DES v4 TGTs.

So, the easiest upgrade option is to deploy the code on all KDCs at once, being sure to deploy it on the master KDC last. Under this scenario, a brief window exists where slaves may be able to issue tickets that the master will not understand. However, the slaves will understand tickets issued by the master throughout the upgrade.

An alternate and more annoying upgrade strategy exists.
At least one max TGT life time before the upgrade, the TGT key can be changed to be a single-DES key. Since we support adding a new TGT key while preserving the old one, this does not create an interruption in service. Since no 3DES key is available, both the old and new code will issue and accept DES v4 TGTs. After the upgrade, the TGT key can again be rekeyed to add 3DES keys. This does require two TGT key changes and creates a window where DES is used for the v5 TGT, but creates no window in which slaves will issue TGTs the master cannot accept.

* What the patch does
=====================

1) Kerberos 4 cross-realm authentication is disabled by default. A "-X" switch is added to both krb524d and krb5kdc to enable v4 cross-realm. This switch logs a note that a security hole has been opened in the KDC log.

We said, while designing the patch, that we were going to try to allow per-realm configuration; because of a design problem in the kadm5 library, we could not do this without bumping the ABI version of that library. We are unwilling to bump an ABI version in a security patch release to get that feature, so the configuration of v4 cross-realm is a global switch.

2) Code responsible for v5 TGTs has been changed to require that the enctype of the ticket service key be the same as the enctype that would currently be issued for that kvno. This means that even if a service has multiple keys, you cannot use a weak key to fake the KDC into accepting tickets for that service. If you have a non-DES TGT key, this separates keys used for v4 and v5. We actually relax this requirement for cross-realm TGT keys (which in the new code are only used for v5) because we cannot guarantee other Kerberos implementations will choose keys the same way.

3) We no longer issue 3DES v4 tickets either in the KDC or krb524d. We add code to accept either DES or 3DES tickets for v4.
None of the attacks discovered so far can be implemented given a KDC that accepts but does not issue 3DES tickets, so we believe that leaving this functionality in as compatibility for a version or two is reasonable. Note however that the attacks described do allow successful attackers to print future tickets, so sites probably want to rekey important keys after installing this update. Note also that even if issuance of 3DES v4 tickets has been disabled, outstanding tickets may be used to perform the 3DES cut-and-paste attack.

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/www/index.html

[note that these CERT Vulnerability Notes have not yet been published]

CERT VU#623217
http://www.kb.cert.org/vuls/id/623217

CERT VU#442569
http://www.kb.cert.org/vuls/id/442569

ACKNOWLEDGMENTS
===============

This advisory was written by Sam Hartman and Tom Yu. Ken Raeburn participated in the analysis of the cryptographic vulnerabilities. Steve Bellovin provided some hints that led us to discover this vulnerability. Sam Hartman developed the patch kit for MIT krb5 implementations.

CONTACT
=======

For more information, contact Sam Hartman or Marshall Vale.

DETAILS
=======

* Abstract
==========

Several cryptographic vulnerabilities exist in the basic Kerberos Version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm. Knowledge of the key shared between two realms for Kerberos 4 cross-realm authentication or the ability to create arbitrary principals in a realm is sufficient to print any ticket in the realm. As an example, knowing krbtgt.ZONE.MIT.EDU@ATHENA.MIT.EDU is sufficient to print an Athena TGT for any Athena realm client.
Additional vulnerabilities in an MIT extension to use triple DES keys for Kerberos 4 tickets may allow attackers who can passively observe the network to construct tickets for some users if certain alignment constraints are met.

The Kerberos 5 protocol is not vulnerable to this issue. However, implementations that implement both Kerberos 4 and Kerberos 5 tend to use the same keys for both protocols. As a result, the Kerberos 4 vulnerabilities can be used to compromise Kerberos 5 services at sites using these implementations.

* Brief Problem Description
===========================

Kerberos version 4 tickets include neither a cryptographic hash of the encrypted data, random padding, nor a random initial vector. As such, if an attacker can cause the right text to be encrypted in a Kerberos service key, then the attacker can fabricate a ticket. Normally an attacker does not control much of the text in the ticket so this cryptographic weakness is hard to exploit.

The initial portion of a Kerberos 4 ticket is a one-byte flags field (either 0 or 1) followed by the client name. Since all of this initial text is constant, the beginning of a ticket for a given client/service will be the same. An attacker thus knows the encryption of the initial plaintext in the service key. If an attacker can control client principals whose names he chooses, then he can get the encryption of these plaintext values in the service key.

As a result of concerns about single DES weaknesses, MIT implemented support for Kerberos 4 tickets encrypted in triple DES service keys. This support shares all the cryptographic weaknesses of single DES Kerberos 4. In addition, since it uses CBC mode rather than PCBC mode, it introduces new weaknesses not found in other Kerberos 4 implementations. When certain alignment constraints are met, it is possible to splice two tickets together, allowing an attacker to get a ticket with a known session key for a client without knowing that client's long term key.
This attack does require sniffing a ticket for that client.

We do not believe the password changing service is vulnerable to the single DES attacks as the KDC will never issue password changing tickets in an appl request. It is probably vulnerable to the triple DES splicing attacks.

* Specific Vulnerabilities
==========================

1) ECB Oracle for Single DES

By controlling principals of an attacker's choice, an attacker can encrypt arbitrary plaintext in a single DES service key.

2) ECB Oracle for Triple DES

By controlling principals of an attacker's choice, an attacker can encrypt arbitrary plaintext in a triple DES service key.

3) PCBC First Block

It turns out that being able to encrypt arbitrary plaintext is not quite enough to construct a ticket for a single DES service key. You also need to be able to construct the first block of the ticket; you don't know what plaintext to use because the IV for the first block is the long-term service key. However since the only thing in the first block of the ticket is the first seven bytes of the client, controlling a principal with the same first seven bytes as the principal being attacked is sufficient to get the first block. As a practical matter, principals whose principal and instance components fit within six bytes (including trailing nulls) may be harder to attack.

4) Cross Realm

If realms A and B share a cross-realm key and the attacker knows that key or can get arbitrary plaintext encrypted in that key, then the attacker may get A to issue tickets for any principal claiming to be in realm B and vice versa. This is sufficient to meet conditions of vulnerabilities (1) and (2) above and to encrypt arbitrary plaintext in the service keys of realm A and B.

5) Kerberos 4 Ticket Printing

The conditions of (2) above are sufficient to print arbitrary tickets in a triple DES service key. The conditions of (1) and (3) are sufficient to print any ticket in a single DES service key.
6) Kerberos 5 Ticket Printing

The conditions of (1) above are sufficient to construct a des-cbc-md4 or des-cbc-md5 Kerberos 5 ticket if the KDC uses the same DES key for v4 and v5. While the Kerberos 5 ticket does have a confounder and checksum, the checksum is not keyed and thus the confounder and checksum can be fabricated by an attacker. We believe that des-cbc-crc is safe unless you can obtain a ciphertext block and a corresponding plaintext block. However, most Kerberos implementations will allow des-cbc-md5 to be used even if des-cbc-crc is normally used. We are not aware of any vulnerabilities in des3-hmac-sha1-kd or rc4-hmac-md5.

7) Ticket Splicing Attack

A Kerberos 4 ticket contains an eight-byte session key. If client principal names are chosen carefully then this session key will line up with a DES block boundary. For triple DES service keys this creates an opportunity for an attack. Consider the case where an attacker has obtained a ticket t1 with a known session key K and has sniffed a ticket t2 with unknown session key for the same service. The attacker can create a new valid ticket t2' by replacing the part of t2 starting with the session key block with the session key from t1. This new ticket will have a session key K XOR-ed with the ciphertext blocks preceding the session key in t1 and t2. In other words, if triple DES service keys are used, client principals with the wrong name lengths are inherently vulnerable to sniffing.

8) Realm Hopping

Kerberos 4 does not normally support multi-hop cross-realm authentication. However cross-realm tickets are just normal service keys; points (1), (2) and (3) are sufficient to satisfy the conditions of point (4) for a service key. That is, an attacker can hop through realms, exploiting these vulnerabilities against any realm that is in the transitive closure of the initial realm. Anyone who shares keys with ATHENA.MIT.EDU now trusts ZONE.MIT.EDU.
9) Krb 524 Does Not Help

Traditionally realms desiring higher security but still wishing to have some Kerberos 4 services have disabled KDC support for V4 and used krb524d to issue only the services that are needed. These vulnerabilities work as well against any service key that the krb524d knows as they do against service keys in a v4 KDC. Of course a fabricated krb5 ticket can be converted to Kerberos 4 using krb524d.

* Potential Solutions
=====================

1) V4 Cross Realm Considered Harmful

Kerberos implementations should gain an option to disable Kerberos 4 cross-realm authentication both in the KDC and in any implementations of the krb524 protocol. This configuration should be the default.

2) Application Migration

Application vendors and sites should migrate from Kerberos version 4 to Kerberos version 5. The OpenAFS community has introduced features that allow Kerberos 5 to be used for AFS in OpenAFS 1.2.8. Patches are available to add Kerberos 5 support to OpenSSH. Several other implementations of the SSH protocol also support Kerberos 5. Applications such as IMAP, POP and LDAP already support Kerberos 5.

3) TGT Key Separation

One motivation for the V4 triple DES support is that if a single DES key exists for the TGT principal then an attacker can attack that key both for v4 and v5 tickets. Kerberos implementations should gain support for a DES TGT key that is used for v4 requests but not v5 requests.

4) Remove Triple DES Kerberos 4 Support

The cut and paste attack is a critical failure in MIT's attempt at Kerberos 4 Triple DES. Even without cross-realm authentication, this can be exploited in real-world situations. As such the support for 3DES service keys should be disabled.

REVISION HISTORY
================

2003-03-15 A draft version of this text was leaked to the full-disclosure list by unknown persons.
2003-03-17 original release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBPnWBm6bDgE/zdoE9AQEqywP/djVs+A4aTwJUTXzUHno5kGz1qEEzeF6v
Uda7/NZyswe7Prc4J8vP9NEUSb/aETLcWuUmSmzViy0yCl4LwiVRPwtQNnTkjHbb
aWp1xqbEjGmXlEpsf2y5vylbGBC0fBImf38UD8mw0qmjByLJ9+MQGUX0ggIgN72H
GtnGXq1m+Jw=
=ws8J
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue Mar 18 21:04:06 2003
To: kerberos-announce@mit.edu
From: Tom Yu
Date: Tue, 18 Mar 2003 21:03:56 -0500
cc: bugtraq@securityfocus.com
Subject: Updated: MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The text of MITKRB5-SA-2003-004 has been updated to clarify the description of potential fixes. The associated patch kit has also been updated to fix some problems with the patches.

Advisory text:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt

Patch kit:
http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz

Advisory index:
http://web.mit.edu/kerberos/www/advisories/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard

iD8DBQE+d9ASSO8fWy4vZo4RAqYKAJ42guha65XyxklBY+fqOJ8oE5Og6ACgh5/P
2g9bQpYUdrr6MrgNcKxJba4=
=CKYT
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Wed Mar 19 17:22:13 2003
To: kerberos-announce@mit.edu
From: Tom Yu
Date: Wed, 19 Mar 2003 17:22:12 -0500
cc: bugtraq@securityfocus.com
Subject: MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes

-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2003-003
2003-03-18

Topic: faulty length checks in xdrmem_getbytes
Severity: serious

SUMMARY
=======

The MIT Kerberos 5 implementation includes an RPC library derived from SUNRPC. We have been notified that the xdrmem_getbytes() function contains faulty length checks. These length checks are vulnerable to an integer overflow, which may be exploitable to create denials of service or to gain unauthorized access to sensitive information. An attacker who has successfully authenticated to the Kerberos administration daemon (kadmind) may be able to crash kadmind or induce it to leak sensitive information, such as secret keys. For the attack to succeed, it is believed that the configuration of the kadmind installation must allow it to successfully allocate more than INT_MAX bytes of memory.

IMPACT
======

* An attacker capable of authenticating to kadmind may be able to crash kadmind.

* Under extremely unlikely circumstances, an attacker capable of authenticating to kadmind may be able to induce it to return sensitive information, such as secret keys.

AFFECTED SOFTWARE
=================

* All releases of MIT Kerberos 5, up to and including krb5-1.2.7.

FIX
===

Apply the following patch to src/lib/rpc/xdr_mem.c and rebuild your tree.
Index: xdr_mem.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/rpc/xdr_mem.c,v retrieving revision 1.8 diff -c -r1.8 xdr_mem.c *** xdr_mem.c 1998/02/14 02:27:24 1.8 - --- xdr_mem.c 2003/02/04 22:57:24 *************** *** 47,52 **** - --- 47,54 ---- #include #include #include + #include + #include static bool_t xdrmem_getlong(); static bool_t xdrmem_putlong(); *************** *** 83,89 **** xdrs->x_op = op; xdrs->x_ops = &xdrmem_ops; xdrs->x_private = xdrs->x_base = addr; ! xdrs->x_handy = size; } static void - --- 85,91 ---- xdrs->x_op = op; xdrs->x_ops = &xdrmem_ops; xdrs->x_private = xdrs->x_base = addr; ! xdrs->x_handy = (size > INT_MAX) ? INT_MAX : size; /* XXX */ } static void *************** *** 98,105 **** long *lp; { ! if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0) return (FALSE); *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private))); xdrs->x_private += sizeof(rpc_int32); return (TRUE); - --- 100,109 ---- long *lp; { ! if (xdrs->x_handy < sizeof(rpc_int32)) return (FALSE); + else + xdrs->x_handy -= sizeof(rpc_int32); *lp = (long)ntohl(*((rpc_u_int32 *)(xdrs->x_private))); xdrs->x_private += sizeof(rpc_int32); return (TRUE); *************** *** 111,118 **** long *lp; { ! if ((xdrs->x_handy -= sizeof(rpc_int32)) < 0) return (FALSE); *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp)); xdrs->x_private += sizeof(rpc_int32); return (TRUE); - --- 115,124 ---- long *lp; { ! if (xdrs->x_handy < sizeof(rpc_int32)) return (FALSE); + else + xdrs->x_handy -= sizeof(rpc_int32); *(rpc_int32 *)xdrs->x_private = (rpc_int32)htonl((rpc_u_int32)(*lp)); xdrs->x_private += sizeof(rpc_int32); return (TRUE); *************** *** 125,132 **** register unsigned int len; { ! if ((xdrs->x_handy -= len) < 0) return (FALSE); memmove(addr, xdrs->x_private, len); xdrs->x_private += len; return (TRUE); - --- 131,140 ---- register unsigned int len; { ! 
if (xdrs->x_handy < len) return (FALSE); + else + xdrs->x_handy -= len; memmove(addr, xdrs->x_private, len); xdrs->x_private += len; return (TRUE); *************** *** 139,146 **** register unsigned int len; { ! if ((xdrs->x_handy -= len) < 0) return (FALSE); memmove(xdrs->x_private, addr, len); xdrs->x_private += len; return (TRUE); - --- 147,156 ---- register unsigned int len; { ! if (xdrs->x_handy < len) return (FALSE); + else + xdrs->x_handy -= len; memmove(xdrs->x_private, addr, len); xdrs->x_private += len; return (TRUE); *************** *** 179,185 **** { rpc_int32 *buf = 0; ! if (xdrs->x_handy >= len) { xdrs->x_handy -= len; buf = (rpc_int32 *) xdrs->x_private; xdrs->x_private += len; - --- 189,195 ---- { rpc_int32 *buf = 0; ! if (len >= 0 && xdrs->x_handy >= len) { xdrs->x_handy -= len; buf = (rpc_int32 *) xdrs->x_private; xdrs->x_private += len; The patch was generated against krb5-1.2.7; patches to other releases may apply with some offset. This patch may also be found at: http://web.mit.edu/kerberos/www/advisories/2003-003-xdr_patch.txt The associated detached PGP signature is at: http://web.mit.edu/kerberos/www/advisories/2003-003-xdr_patch.txt.asc REFERENCES ========== This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/www/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/www/index.html CERT VU#516825 http://www.kb.cert.org/vuls/id/516825 CVE CAN-2003-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0028 ACKNOWLEDGMENTS =============== Thanks to CERT for notifying us of this vulnerability. DETAILS ======= The xdrmem_getbytes() function decrements the private signed integer "xdrs->x_handy" by the supplied length "len", which is an unsigned int. It then verifies that the resulting value of "xdrs->x_handy" is non-negative. 
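Review bot: the clamp `xdrs->x_handy = (size > INT_MAX) ? INT_MAX : size; /* XXX */` in the xdrmem_create hunk silently shrinks the usable buffer when a caller hands in more than INT_MAX bytes, so decoding a legitimately larger stream fails later with a generic FALSE rather than an error at setup. The /* XXX */ marks this as a known stopgap; either document that xdrmem streams are limited to INT_MAX bytes or report the oversize buffer to the caller. The clamp is what keeps x_handy non-negative for the comparisons in the later hunks, so it must stay in some form.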
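Review bot: in the xdrmem_getlong hunk (and the identical xdrmem_putlong hunk) `if (xdrs->x_handy < sizeof(rpc_int32))` compares the signed int x_handy against a size_t, so x_handy is converted to unsigned; a negative x_handy would become a huge value and pass the check. That cannot happen now because xdrmem_create clamps x_handy to at most INT_MAX and every decrement is guarded, but the correctness rests on that invariant. Consider declaring x_handy unsigned, or casting explicitly with a comment, so a future caller that sets it negative does not reopen the hole.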
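Review bot: the xdrmem_getbytes hunk is the fix for the advisory's integer overflow: `if (xdrs->x_handy < len)` now tests before subtracting, so a `len` above INT_MAX can no longer wrap the running count back into the positive range. The same signed/unsigned observation applies here (the int x_handy is promoted to unsigned int to compare against the unsigned len), which is fine only while x_handy stays non-negative. The xdrmem_putbytes hunk makes the same change and needs no separate comment.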
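Review bot: in the xdrmem_inline hunk, `if (len >= 0 && xdrs->x_handy >= len)` only means something if `len` is a signed type, and the hunk does not show the parameter declaration. If `len` is declared `int` the guard correctly rejects negative requests; if it is unsigned the `len >= 0` term is always true and compilers will flag a tautological comparison, so confirm the declaration in the full file before relying on this check.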
Using a carefully chosen value of "len" (so that it is greater than INT_MAX), it is possible for this check to succeed even if the value of "len" would cause the buffer to be overrun on read. This overrun may result in a segmentation fault, or in the unauthorized copying of sensitive information.

A mitigating factor is that most call chains that end up calling xdrmem_getbytes() first call malloc() (via the mem_alloc() macro) to allocate a buffer of the requested length. This allocation of more than INT_MAX bytes will fail on most configurations due to internal limitations of malloc() or due to system resource limits. On systems where allocation of more than INT_MAX bytes can succeed (possibly including 64-bit environments), the probability of successful exploit is higher.

In MIT krb5, the vulnerable invocations of xdrmem_getbytes() inside kadmind only occur after the user has successfully authenticated. Additionally, any unauthorized copies of sensitive data obtained by exercising this vulnerability are extremely unlikely to be returned to the remote client.
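To make the arithmetic described in DETAILS concrete, here is an added C example (written for this page, not code from MIT krb5) that models the pre-patch and post-patch length checks side by side, plus a decode step that uses the corrected check. The function names, BUF_SIZE and the 0x80000100 request length are constructed for the demonstration; only the check logic follows the advisory's description of xdrmem_getbytes().

```c
/* Added example, not MIT krb5 code: models the length check in
 * xdrmem_getbytes() before and after the MITKRB5-SA-2003-003 patch.
 * x_handy stands in for the signed "xdrs->x_handy" field; len is the
 * caller-supplied unsigned int length. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 100   /* constructed: bytes available in the XDR buffer */

/* Pre-patch check.  The compound assignment converts x_handy to unsigned,
 * subtracts, and stores the result back into an int.  For len > INT_MAX
 * the wrapped difference can land in the positive range, so "< 0" does
 * not fire even though len is far larger than the buffer.
 * (Storing a value > INT_MAX into int is implementation-defined; GCC and
 * Clang wrap modulo 2^32.  The case asserted below fits in int and is
 * therefore fully defined.) */
static bool faulty_length_check(int x_handy, unsigned int len)
{
    x_handy -= len;
    return x_handy >= 0;           /* true means "go ahead and copy" */
}

/* Post-patch check: compare before subtracting.  x_handy is converted to
 * unsigned for the comparison, which is correct as long as the library
 * keeps it non-negative (the patch clamps it at creation and never
 * decrements it past zero). */
static bool fixed_length_check(int x_handy, unsigned int len)
{
    if ((unsigned int)x_handy < len)
        return false;
    return true;
}

/* Decode step using the fixed check: copies len bytes from buf[*pos],
 * advances *pos, and charges x_handy.  Returns bytes consumed or -1. */
static int safe_getbytes(const unsigned char *buf, int *x_handy, size_t *pos,
                         unsigned char *out, unsigned int len)
{
    if (!fixed_length_check(*x_handy, len))
        return -1;
    memcpy(out, buf + *pos, len);
    *pos += len;
    *x_handy -= (int)len;          /* len <= x_handy <= INT_MAX here */
    return (int)len;
}

/* Returns 1 when the pre-patch check accepts an over-long request that
 * the patched check rejects, i.e. the advisory's scenario. */
static int demo_overlong_request(void)
{
    const unsigned int overlong = 0x80000100u;   /* constructed: > INT_MAX */
    return faulty_length_check(BUF_SIZE, overlong) &&
           !fixed_length_check(BUF_SIZE, overlong);
}

int main(void)
{
    unsigned char buf[BUF_SIZE];   /* constructed XDR buffer */
    unsigned char out[16];
    int x_handy = BUF_SIZE;
    size_t pos = 0;
    int got;

    memset(buf, 'A', sizeof buf);
    printf("faulty check accepts len=0x80000100 with %d bytes left: %s\n",
           BUF_SIZE, faulty_length_check(BUF_SIZE, 0x80000100u) ? "yes" : "no");
    printf("fixed check accepts it: %s\n",
           fixed_length_check(BUF_SIZE, 0x80000100u) ? "yes" : "no");
    got = safe_getbytes(buf, &x_handy, &pos, out, 16);
    printf("safe_getbytes(16) -> %d, remaining %d\n", got, x_handy);
    return demo_overlong_request() ? 0 : 1;
}
```

With 100 bytes left, a request of 0x80000100 bytes wraps to 2147483492 under the old arithmetic and passes, while the patched comparison rejects it; the decode helper shows that ordinary requests are unaffected by the change.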
REVISION HISTORY
================

2003-03-18 original release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBPnd5J6bDgE/zdoE9AQEIeAQAxuMhSNtC94YhIqQcuhRsKXFf/T8T8lh6
YUeTNaqA9sQkZBE2sZEyI4uq0iiZjwQyUfhylcPbEaIX3f9dto8YWmRvPztsvIQR
jzAlRU4o7//kw2oWu1JQC0FNpcifr1D1j0E59xqjDaCGDa6LlMFqd/V77pHKIcLU
c0DO4+ORljY=
=54iC
-----END PGP SIGNATURE-----

From raeburn@MIT.EDU Wed Mar 19 20:07:32 2003
To: kerberos-announce@MIT.EDU
From: Ken Raeburn
Date: Wed, 19 Mar 2003 20:04:32 -0500
cc: bugtraq@MIT.EDU
Subject: MITKRB5-SA-2003-05: Buffer overrun and underrun in principal name handling

MIT krb5 Security Advisory 2003-005
2003-03-19

Topic: Buffer overrun and underrun in principal name handling
Severity: SERIOUS

SUMMARY
=======

Buffer overrun and underrun problems exist in Kerberos principal name handling in unusual cases, such as names with zero components, names with one empty component, or host-based service principal names with no host name component.

IMPACT
======

* Corruption of malloc pool, probably leading to program crash.
  + The KDC may be vulnerable.
  + Depending on the malloc implementation and platform, it may be possible to build more serious exploits on this.

* Reference to data just past the end of an array in the KDC, for comparison against certain fixed data. May result in crashing the KDC.

AFFECTED SOFTWARE
=================

MIT Kerberos 5, all released versions through 1.2.7 and 1.3-alpha1.

FIX
===

The following patches should fix the most urgent aspects of the problems in the 1.2.7 release. If these patches do not apply cleanly to 1.2.6 and earlier versions, the corresponding changes should be fairly straightforward.
The patch to krb5.hin should change any missed overrun cases in this area into null pointer dereferences, which will be more likely to crash the program instead of referencing arbitrary data. Index: include/krb5.hin =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /cvs/krbdev/krb5/src/include/krb5.hin,v retrieving revision 1.94.2.5.2.17 diff -p -u -r1.94.2.5.2.17 krb5.hin =2D-- include/krb5.hin 2002/04/16 23:47:53 1.94.2.5.2.17 +++ include/krb5.hin 2003/03/19 00:38:54 @@ -326,7 +326,7 @@ typedef krb5_const krb5_principal_data F #define krb5_princ_size(context, princ) (princ)->length #define krb5_princ_type(context, princ) (princ)->type #define krb5_princ_name(context, princ) (princ)->data =2D#define krb5_princ_component(context, princ,i) ((princ)->data + i) +#define krb5_princ_component(context, princ,i) (i < krb5_princ_size(contex= t, princ) ? ((princ)->data + i) : NULL) =20 /* * end "base-defs.h" Index: kdc/kdc_util.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v retrieving revision 5.96.2.2.2.3 diff -p -u -r5.96.2.2.2.3 kdc_util.c =2D-- kdc/kdc_util.c 2002/10/31 00:38:34 5.96.2.2.2.3 +++ kdc/kdc_util.c 2003/03/19 00:39:00 
@@ -157,7 +157,8 @@ realm_compare(princ1, princ2) krb5_boolean krb5_is_tgs_principal(principal) krb5_principal principal; { =2D if ((krb5_princ_component(kdc_context, principal, 0)->length =3D=3D + if (krb5_princ_size(kdc_context, principal) > 0 && + (krb5_princ_component(kdc_context, principal, 0)->length =3D=3D KRB5_TGS_NAME_SIZE) && (!memcmp(krb5_princ_component(kdc_context, principal, 0)->data, KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE))) Index: lib/krb5/krb/unparse.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/unparse.c,v retrieving revision 5.27.4.1 diff -p -u -r5.27.4.1 unparse.c =2D-- lib/krb5/krb/unparse.c 2002/08/12 22:55:01 5.27.4.1 +++ lib/krb5/krb/unparse.c 2003/03/19 00:39:02 
@@ -153,7 +153,8 @@ krb5_unparse_name_ext(context, principal *q++ =3D COMPONENT_SEP; } =20 =2D q--; /* Back up last component separator */ + if (i > 0) + q--; /* Back up last component separator */ *q++ =3D REALM_SEP; =20=09 cp =3D krb5_princ_realm(context, principal)->data;

The problem exists in other parts of the code as well, but should only result in crashing application servers when the realm has been misconfigured to use broken service names, or crashing application clients when they are supplied broken principal names.

ACKNOWLEDGMENTS
===============

Thanks to Nalin Dahyabhai of Red Hat for bringing the problems to our attention.

CONTACT
=======

For more information, contact Ken Raeburn, Sam Hartman, or Marshall Vale.

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:
http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:
http://web.mit.edu/kerberos/www/index.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+eROnUqOaDMQ+e5gRArLrAKCUwNawHi+TG4mVKKYqwWxbxm8degCg4nfa
pcB9Lv7VcpW4r9alP3n/Wao=
=T/GH
-----END PGP SIGNATURE-----
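Review bot: the new krb5_princ_component macro in the krb5.hin hunk uses its `i` argument unparenthesized in `i < krb5_princ_size(context, princ)`, so any argument expression with lower precedence than `<` (an `==`, `&&` or assignment expression) would mis-parse; write it as `(i) < krb5_princ_size(context, princ)`. The argument is also evaluated twice, which matters if a caller ever passes `i++`. Every caller that previously received a pointer past the end now receives NULL and will crash on dereference, which the text above the patch presents as the intended outcome for missed cases.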
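Review bot: in the krb5_is_tgs_principal hunk the added `krb5_princ_size(kdc_context, principal) > 0 &&` guard is correct and, through short-circuit evaluation, also protects the second `krb5_princ_component(kdc_context, principal, 0)->data` inside the memcmp. With the new macro a NULL return would still be dereferenced on the `->length` access if this guard were ever dropped, so keep the explicit size check rather than relying on the macro alone.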
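Review bot: `if (i > 0) q--;` in the krb5_unparse_name_ext hunk stops the back-up over a separator that was never written when there are zero components, which removes the underrun. The output length computed earlier in the function is not in the hunk; confirm it also accounts for the zero-component case, since the function still writes REALM_SEP and the realm after this point.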
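As an added illustration (example code written for this page, not MIT's), the following C model shows hardened forms of the three operations the patches above touch: a bounds-checked component accessor, a TGS-name test that tolerates a zero-component name, and an unparse routine that emits separators only between components so there is never a separator to back over. The kdata/princ types, the sample_* principals and the EXAMPLE.ORG realm are constructed stand-ins for krb5_data and krb5_principal_data.

```c
/* Added example, not MIT krb5 code: a minimal model of principal name
 * handling showing the hardened forms of the operations patched in
 * MITKRB5-SA-2003-005.  Types and names are simplified stand-ins. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { int length; const char *data; } kdata;          /* like krb5_data */
typedef struct { int length; kdata *data; kdata realm; } princ;  /* like krb5_principal_data */

#define TGS_NAME      "krbtgt"
#define TGS_NAME_SIZE 6
#define COMPONENT_SEP '/'
#define REALM_SEP     '@'

/* Bounds-checked accessor, mirroring the patched krb5_princ_component
 * macro: NULL instead of a pointer past the end of the component array. */
static const kdata *princ_component(const princ *p, int i)
{
    return (i >= 0 && i < p->length) ? &p->data[i] : NULL;
}

/* A zero-component name is never a TGS name; the component pointer is
 * checked before it is dereferenced. */
static int is_tgs_principal(const princ *p)
{
    const kdata *c = princ_component(p, 0);
    return c != NULL && c->length == TGS_NAME_SIZE &&
           memcmp(c->data, TGS_NAME, TGS_NAME_SIZE) == 0;
}

/* Writes comp1/comp2/...@REALM into out (outsz bytes, NUL-terminated).
 * The pre-patch code appended a separator after every component and then
 * stepped back over the last one; with zero components that step
 * underran the buffer.  Emitting the separator only between components
 * removes the need to back up.  Returns the length written, or -1 if the
 * name does not fit. */
static int unparse(const princ *p, char *out, size_t outsz)
{
    size_t need = 0;
    char *q = out;
    int i;

    for (i = 0; i < p->length; i++)
        need += (size_t)p->data[i].length + (i > 0 ? 1 : 0);
    need += 1 + (size_t)p->realm.length;        /* '@' plus realm */
    if (need + 1 > outsz)
        return -1;

    for (i = 0; i < p->length; i++) {
        if (i > 0)
            *q++ = COMPONENT_SEP;
        memcpy(q, p->data[i].data, (size_t)p->data[i].length);
        q += p->data[i].length;
    }
    *q++ = REALM_SEP;
    memcpy(q, p->realm.data, (size_t)p->realm.length);
    q += p->realm.length;
    *q = '\0';
    return (int)(q - out);
}

/* Constructed sample principals: a two-component TGS name and a name
 * with zero components (one of the advisory's unusual cases). */
static kdata tgs_comps[2] = { {6, "krbtgt"}, {11, "EXAMPLE.ORG"} };
static princ tgs_sample   = { 2, tgs_comps, {11, "EXAMPLE.ORG"} };
static princ empty_sample = { 0, NULL,      {11, "EXAMPLE.ORG"} };

const princ *sample_tgs(void)   { return &tgs_sample; }
const princ *sample_empty(void) { return &empty_sample; }

int main(void)
{
    char buf[64];
    const princ *samples[2] = { sample_tgs(), sample_empty() };
    int k;

    for (k = 0; k < 2; k++) {
        int n = unparse(samples[k], buf, sizeof buf);
        printf("components=%d tgs=%d unparse=%d \"%s\"\n",
               samples[k]->length, is_tgs_principal(samples[k]), n,
               n < 0 ? "" : buf);
    }
    return 0;
}
```

Running it prints `krbtgt/EXAMPLE.ORG@EXAMPLE.ORG` for the TGS sample and `@EXAMPLE.ORG` for the zero-component sample; the second case is exactly the one where the original code would have stepped back before the start of the buffer.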
From raeburn@MIT.EDU Thu Mar 20 16:48:38 2003
To: kerberos-announce@MIT.EDU, bugtraq@MIT.EDU
From: Ken Raeburn
Date: Thu, 20 Mar 2003 16:47:22 -0500
In-Reply-To: (raeburn@mit.edu's message of "Thu, 20 Mar 2003 01:25:21 +0000 (UTC)")
Subject: Re: MITKRB5-SA-2003-05: Buffer overrun and underrun in principal name handling

This advisory has been updated on our web site. The patch is now contained in a separate text file, with a separate PGP signature available. The advisory text now notes that it includes information also published in the following vulnerability notes:

CVE CAN-2003-0082 Buffer underrun
CVE CAN-2003-0072 Array overrun -- only the portions that appeared to affect a server with no strange realm configurations were included here.

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:
http://web.mit.edu/kerberos/www/advisories/index.html

The main MIT Kerberos web page is at:
http://web.mit.edu/kerberos/www/index.html

Ken

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+ejbuUqOaDMQ+e5gRAjykAJ9nEpeWOMrrwgyzKW5YlQxQhwLtZACfTbWW
tD55/KRSDIgDS5L25IoDgeY=
=D3ly
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue Apr 8 23:32:08 2003
To: kerberos-announce@mit.edu
From: Tom Yu
Date: Tue, 08 Apr 2003 23:32:03 -0400
Subject: krb5-1.2.8 is released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.2.8. This release is primarily a security patch release; other bugfixes and feature requests have not been incorporated. Please see below for a list of some changes since release 1.2.7, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.2.8
===================================

You may retrieve the Kerberos 5 Release 1.2.8 source from the following URL:
http://web.mit.edu/network/kerberos-form.html

Further information about Kerberos 5 may be found at the following URL:
http://web.mit.edu/kerberos/www/index.html

MAJOR CHANGES SINCE RELEASE 1.2.7
=================================

* [1402, 1385, 1395, 1410, 1411] The krb4 protocol vulnerabilities [MITKRB5-SA-2003-004] have been worked around.

* [1403, 1393] The xdrmem integer overflows [MITKRB5-SA-2003-003] have been fixed.

* [1405, 1397] The krb5_principal buffer bounds problems [MITKRB5-SA-2003-005] have been fixed. Thanks to Nalin Dahyabhai.
=========================
Tom Yu
MIT Information Systems
Kerberos Development Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard

iD8DBQE+k5Q2SO8fWy4vZo4RAjFKAJ9OIdDmLT+pF+Gv0TCemFtFgGehXwCbBz5Y
kOcDb8cdmECaNalVQFLOFs8=
=wbnt
-----END PGP SIGNATURE-----

From mjv@MIT.EDU Thu Jun 26 22:01:03 2003
Date: Thu, 26 Jun 2003 18:58:56 -0700
To: Openssh-Unix-Dev
From: Marshall Vale
cc: kerberos-announce@mit.edu
Subject: Kerberos Support in OpenSSH

Dear Sir and Madam:

I'm writing to you on behalf of the MIT Kerberos team and several other parties interested in the availability of Kerberos authentication for the SSH protocol. We recently noticed that the OpenSSH developers had added support for the kerberos-2@ssh.com user authentication mechanism. We are delighted but we believe additional steps are necessary, as explained below.

We are happy that OpenSSH is looking at Kerberos for SSH protocol version 2. It has been our experience that the combination of Kerberos and SSH provides an excellent method for sites to have secure login access while centrally managing keys and avoiding the problems of maintaining known_hosts files.

We do have two concerns that we would like to discuss with you. We will briefly describe our concerns and then discuss them in detail.

First, we would like to ask you to commit to implementing draft-ietf-secsh-gsskeyex in addition to any other Kerberos mechanisms you decide to ship for protocol version 2. We believe the mechanisms described in this draft better meet the needs of the Kerberos community, will have wider long-term acceptance and have undergone more comprehensive review in the standards community than previous methods.

Secondly, we would like to find a way to reduce the user confusion associated with all of the different options for Kerberos and SSH.
Ideally everyone will eventually migrate to the IETF standards track approach, but even then, we will need to help people understand differences between Kerberos used for key exchange, Kerberos used for userauth, and Kerberos used behind the scenes for password authentication. If there are any ways we could help you address these concerns please feel free to ask us.

The primary reason we want to see OpenSSH adopt an implementation of the IETF draft is that we believe it better meets the needs of the Kerberos community. In addition to an SSH userauth method, the IETF draft includes a key exchange mechanism. Previous methods only used Kerberos to authenticate the client to the server and still relied on the SSH known_hosts file to authenticate the server to the client. Especially in large sites this is undesirable because updating known hosts files when machines are rekeyed is difficult. Many users always accept new keys without question and thus are vulnerable to a man-in-the-middle attack. The GSSAPI key exchange mechanism in the IETF draft uses Kerberos to authenticate both parties to each other, avoiding man-in-the-middle attacks. This allows Kerberos sites to gain the same level of security with ssh that they have enjoyed for years with rlogin and ftp.

There has been significant interest in the Kerberos community ever since Simon Wilkinson first released his GSSAPI patches to OpenSSH. A broad range of customer sites have adopted the IETF draft and deployed Simon's patches in production. Several major Unix vendors have chosen to adopt the GSSAPI protocol to provide Kerberos authentication. At least two Windows implementations of SSH (Secure CRT and Kermit95) implement GSSAPI support. Patches are available for Putty. The GSSAPI framework also supports mechanisms other than Kerberos V, such as SPKM, which could be used to add x.509 support to SSH. For example, Simon's patches include support for the Globus GSI mechanism.
The IETF GSSAPI draft has been more thoroughly reviewed within the IETF community than any previous Kerberos solution. Authors of the draft include both implementers and interested third parties. At least three independent and interoperable implementations have been written from this draft, so the quality of the spec is good. Significant parts of the spec were motivated by a presentation of the kerberos-1@ssh.com spec at the IETF. The ssh.com spec received a strong negative reaction from both the Kerberos working group and the Secure Shell working group. People were concerned about the lack of mutual authentication, the way tickets were passed from client to server and how Kerberos interacted with password authentication. For this reason, the Secure Shell working group did not accept the kerberos-1@ssh.com mechanism but instead started work on the GSSAPI draft. Although improved, the kerberos-2@ssh.com mechanism retains many of the operations that caused working group participants to be concerned.

The MIT Kerberos team may be able to help OpenSSH add support for draft-ietf-secsh-gsskeyex. In particular, we would be happy to answer any questions you might have regarding either Simon's patches or the protocol. If you would accept help auditing Simon's patches or another implementation of the draft, we would be happy to assist.

Once the IETF draft is implemented, the Kerberos and SSH communities will then need to deal with user education. The experience with the many incompatible methods of implementing Kerberos for SSH protocol version 1 has shown that users will be confused. Over the longer term we prefer people to use either the GSSAPI key exchange or the GSSAPI userauth method. Thus the Kerberos and SSH communities will need to work not only to find ways to make it clear in what direction we are heading but also that the other options are only being provided to address the issue of compatibility with deployed implementations.
Signed,

Marshall Vale, on behalf of the MIT Kerberos Development Team
Jeffrey Altman
Douglas E. Engert
Joseph Galbraith
Jeffrey Hutzelman
Joseph Salowey
Von Welch
Simon Wilkinson

From tlyu@MIT.EDU Tue Jul 8 23:51:47 2003
To: kerberos-announce@mit.edu
From: Tom Yu
Date: Tue, 08 Jul 2003 23:51:42 -0400
Subject: krb5-1.3 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.3. Please see below for a list of some major changes since krb5-1.2.8, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.3
=================================

You may retrieve the Kerberos 5 Release 1.3 source from the following URL:
http://web.mit.edu/network/kerberos-form.html

The homepage for the krb5-1.3 release is:
http://web.mit.edu/kerberos/www/krb5-1.3/

Further information about Kerberos 5 may be found at the following URL:
http://web.mit.edu/kerberos/www/

MAJOR CHANGES SINCE RELEASE 1.2.8
=================================

* We now install the compile_et program, so other packages can use the installed com_err library with their own error tables. (If you use our com_err code, that is; see below.)

* The header files we install now assume ANSI/ISO C ('89, not '99). We have stopped testing on SunOS 4, even with gcc. Some of our code now has C89-based assumptions, like free(NULL) being well defined, that will probably frustrate any attempts to run this code under SunOS 4 or other pre-C89 systems.

* Some new code, bug fixes, and cleanup for IPv6 support. Most of the code should support IPv6 transparently now.
  The RPC code (and therefore the admin system, which is based on it) does not yet support IPv6. The support for Kerberos 4 may work with IPv6 in very limited ways, if the address checking is turned off. The FTP client and server do not have support for the new protocol messages needed for IPv6 support (RFC 2429).

* We have upgraded to autoconf 2.52 (or later), and the syntax for specifying certain configuration options has changed. For example, autoconf 2.52 configure scripts let you specify command-line options like "configure CC=/some/path/foo-cc", so we have removed some of our old options like --with-cc in favor of this approach.

* The client libraries can now use TCP to connect to the KDC. This may be necessary when talking to Microsoft KDCs (domain controllers), if they issue you tickets with lots of PAC data.

* If you have versions of the com_err or ss installed locally, you can use the --with-system-et and --with-system-ss configure options to use them rather than using the versions supplied here. Note that the interfaces are assumed to be similar to those we supply; in particular, some older, divergent versions of the com_err library may not work with the krb5 sources. Many configure-time variables can be used to help the compiler and linker find the installed packages; see the build documentation for details.

* The AES cryptosystem has been implemented. However, support in the Kerberos GSSAPI mechanism has not been written (or even fully specified), so it's not fully enabled. See the documentation for details.
=========================
Tom Yu
MIT Information Systems
Kerberos Development Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard

iQCVAwUBPwuRUqbDgE/zdoE9AQFWUgP+Ihe3T2yFnQL+1kqfZS9tE9fyUrWz1396
s+kHvky6IIZoXpeIVg42ItQDb+ZChBbYHfsTL8IPZlh6uBaPQ6MgJS0EVrOgAzj8
rdL8ZvzFgaYoWgLK4Af68zKn6cFQoCb0ZsKgZuDOGHyewzfvJfi3mbFtubvRCTLy
aua5KgDgF10=
=C7sa
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Thu Jul 10 15:24:29 2003
To: kerberos-announce@mit.edu
From: Tom Yu
Date: Thu, 10 Jul 2003 15:24:15 -0400
Subject: MIT Kerberos for Windows 2.5 beta 3 is released

The MIT Kerberos Team announces the availability of MIT Kerberos for Windows 2.5 beta 3, the first public testing release.

Major new features of this release include:

- Based on MIT Kerberos v5 1.3
- Numerous enhancements to Leash

Please consult the Release Notes file for further details on changes.

The distribution packages and Release Notes are available from the authorized downloads link on the MIT Kerberos web page,

From: Tom Yu
Date: Thu, 10 Jul 2003 15:27:09 -0400
Subject: Updated Kerberos Extras for Mac OS X is released

The MIT Kerberos Team announces that an updated Kerberos Extras for Mac OS X 10.2 and later is now available. Kerberos Extras for Mac OS X allows CFM applications to access the Kerberos functionality built into Mac OS X.

This new version of Kerberos Extras installs a CFM support file which works on both Mac OS X 10.2 (Jaguar) and Mac OS X 10.3 (Panther) and supersedes previous Kerberos Extras releases.

Further information including download link is available from:

From: Tom Yu
Date: Thu, 24 Jul 2003 18:39:03 -0400
Subject: serious protocol interop bug in krb5-1.3

The krb5-1.3 release has a serious problem: it fails to correctly implement the ETYPE-INFO2 preauthentication type, in both client and server code. This can cause a failure to obtain tickets. We strongly suggest that krb5-1.3 not be deployed in production systems, especially on client platforms. The upcoming krb5-1.3.1 release should fix this problem.

Code older than krb5-1.3 will ignore ETYPE-INFO2 completely. A krb5-1.3 client will fail to get an initial ticket if the following conditions are true:

* Client requests an initial ticket from a conforming KDC (e.g., not a krb5-1.3 KDC).

* Client receives an ETYPE-INFO2 containing the optional "salt" element. This will only happen if the KDC knows a client principal key that was generated using a non-default salt, e.g., the v4 salt.

The krb5-1.3.1 release, currently in beta test, will issue the correct ETYPE-INFO2. For compatibility, the krb5-1.3.1 client library will accept the incorrect ETYPE-INFO2 encoding emitted by a krb5-1.3 KDC. We expect that the final krb5-1.3.1 release will happen next week.

NOTE
====

Lack of existing problems in an installation does not indicate that future upgrades will be successful; a krb5-1.3 client may not exhibit any obvious failure modes until attempting to communicate with a KDC that emits the correct ETYPE-INFO2 encoding.
Even then, it will only fail if non-default key salts are used. The Kerberos v4 salt is the most common non-default salt, and is frequently present in sites that have migrated from Kerberos v4.

DETAILS
=======

The underlying problem is that the implementation of ETYPE-INFO2 in krb5-1.3 fails to match the latest internet-draft of the Kerberos protocol specification. The client will erroneously reject a response from the KDC containing a conforming ETYPE-INFO2, since the client will parse it as containing a malformed ETYPE-INFO2. This prevents a krb5-1.3 client from working with a conforming KDC if one happens to be deployed later.

This is documented as ticket #1681 in our bug database.

The main MIT Kerberos web page is http://web.mit.edu/kerberos/

Updates on the situation will be posted there.

=========================
Tom Yu
MIT Information Systems
Kerberos Development Team

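The following is an added illustration, not MIT krb5 code, of the interoperability situation this message describes: a small DER decoder for the ETYPE-INFO2 hint whose tolerance for the salt element can be set to model a krb5-1.3 client (its own encoding only), a strictly conforming client, and a krb5-1.3.1-style client that accepts both encodings. The concrete form of the mis-encoding (salt as OCTET STRING rather than GeneralString), the etype value 18 and the salt bytes are assumptions constructed for the example; the announcement states only that the 1.3 encoding does not match the draft.

```python
"""Tolerant ETYPE-INFO2 decoder: an added example, not code from MIT krb5.
ETYPE-INFO2-ENTRY ::= SEQUENCE { etype [0] Int32, salt [1] KerberosString OPTIONAL,
                                 s2kparams [2] OCTET STRING OPTIONAL }
ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
Assumption (not stated in the announcement): the krb5-1.3 mis-encoding is modelled
as the salt carried in an OCTET STRING (0x04) instead of a GeneralString (0x1b)."""
TAG_INTEGER, TAG_OCTET_STRING, TAG_GENERAL_STRING, TAG_SEQUENCE = 0x02, 0x04, 0x1B, 0x30

SALT_TAGS_KRB5_1_3 = frozenset({TAG_OCTET_STRING})  # krb5-1.3 client: only its own encoding
SALT_TAGS_CONFORMING = frozenset({TAG_GENERAL_STRING})  # strictly the draft encoding
SALT_TAGS_KRB5_1_3_1 = SALT_TAGS_KRB5_1_3 | SALT_TAGS_CONFORMING  # krb5-1.3.1: accepts both

def ctx(n): return 0xA0 | n  # context-specific constructed tag [n]

def der_tlv(tag, body):
    """One DER TLV with a definite short- or long-form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_integer(value):
    """Minimal two's-complement DER INTEGER (enough for Int32 etypes)."""
    n = max(1, (value.bit_length() + 8) // 8)
    return der_tlv(TAG_INTEGER, value.to_bytes(n, "big", signed=True))

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV at buf[pos]; raise on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first
    if first >= 0x80:  # long form: (first & 0x7F) length bytes follow
        k = first & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("unsupported or truncated DER length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def encode_entry(etype, salt=None, s2kparams=None, salt_tag=TAG_GENERAL_STRING):
    """Build one ETYPE-INFO2-ENTRY; salt_tag picks the conforming or the legacy form."""
    body = der_tlv(ctx(0), der_integer(etype))
    if salt is not None:
        body += der_tlv(ctx(1), der_tlv(salt_tag, salt))
    if s2kparams is not None:
        body += der_tlv(ctx(2), der_tlv(TAG_OCTET_STRING, s2kparams))
    return der_tlv(TAG_SEQUENCE, body)

def decode_entry(buf, salt_tags):
    tag, body, end = read_tlv(buf, 0)
    if tag != TAG_SEQUENCE or end != len(buf):
        raise ValueError("ETYPE-INFO2-ENTRY is not a single SEQUENCE")
    entry, pos = {"etype": None, "salt": None, "s2kparams": None}, 0
    while pos < len(body):
        ctag, cbody, pos = read_tlv(body, pos)
        itag, inner, iend = read_tlv(cbody, 0)
        if iend != len(cbody):
            raise ValueError("trailing bytes inside context tag")
        if ctag == ctx(0) and itag == TAG_INTEGER:
            entry["etype"] = int.from_bytes(inner, "big", signed=True)
        elif ctag == ctx(1) and itag in salt_tags:
            entry["salt"] = bytes(inner)
        elif ctag == ctx(2) and itag == TAG_OCTET_STRING:
            entry["s2kparams"] = bytes(inner)
        else:  # the "malformed ETYPE-INFO2" rejection the announcement describes
            raise ValueError("malformed element [%d], inner tag 0x%02x" % (ctag & 0x1F, itag))
    if entry["etype"] is None:
        raise ValueError("etype is mandatory")
    return entry

def decode_etype_info2(buf, salt_tags=SALT_TAGS_KRB5_1_3_1):
    """Decode ETYPE-INFO2 (a SEQUENCE OF entries) with the given salt tolerance."""
    tag, body, end = read_tlv(buf, 0)
    if tag != TAG_SEQUENCE or end != len(buf):
        raise ValueError("ETYPE-INFO2 is not a single SEQUENCE")
    entries, pos = [], 0
    while pos < len(body):
        _, _, nxt = read_tlv(body, pos)
        entries.append(decode_entry(body[pos:nxt], salt_tags))
        pos = nxt
    return entries

def interop_matrix():
    """Outcome of each (KDC encoding, client profile) pair on constructed sample data."""
    salt = b"EXAMPLE.ORGsample"  # constructed non-default salt, not a real principal
    kdcs = {"conforming-kdc": der_tlv(TAG_SEQUENCE, encode_entry(18, salt)),
            "krb5-1.3-kdc": der_tlv(TAG_SEQUENCE, encode_entry(18, salt, salt_tag=TAG_OCTET_STRING))}
    clients = {"krb5-1.3": SALT_TAGS_KRB5_1_3, "krb5-1.3.1": SALT_TAGS_KRB5_1_3_1, "strict": SALT_TAGS_CONFORMING}
    result = {}
    for kname, blob in kdcs.items():
        for cname, tags in clients.items():
            try:
                decode_etype_info2(blob, tags)
                result[kname, cname] = "ok"
            except ValueError:
                result[kname, cname] = "fail"
    return result
```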
From: Tom Yu
Date: Fri, 25 Jul 2003 14:57:28 -0400
Subject: MIT Kerberos for Windows 2.5 beta 4 is released

The MIT Kerberos Team announces the availability of MIT Kerberos for Windows 2.5 beta 4, the second public testing release.

Major new features of this release include:

- Based on MIT Kerberos v5 1.3.1 beta 1
- Numerous enhancements to Leash
- Several compatibility problems were fixed from KfW 2.5 beta 3

Please consult the Release Notes file for further details on changes.
The distribution packages and Release Notes are available from the authorized downloads link on the MIT Kerberos web page,

From: Tom Yu
Date: Fri, 01 Aug 2003 15:22:27 -0400
Subject: krb5-1.3.1 is released

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.3.1.

Please see below for a list of some major changes since krb5-1.3, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.3.1
===================================

You may retrieve the Kerberos 5 Release 1.3.1 source from the following URL:

http://web.mit.edu/network/kerberos-form.html

The homepage for the krb5-1.3.1 release is:

http://web.mit.edu/kerberos/krb5-1.3/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES SINCE RELEASE 1.3
===============================

* The incorrect encoding of the ETYPE-INFO2 preauthentication hint is no longer emitted, and both the incorrect and the correct encodings of ETYPE-INFO2 are now accepted. We STRONGLY encourage deploying krb5-1.3.1 in preference to 1.3, especially on client installations, as the 1.3 release did not conform to the internet-draft for the revised Kerberos protocol in its encoding of ETYPE-INFO2.

* The non-caching getaddrinfo() API on Mac OS X, which was causing significant slowdowns under some circumstances, has been worked around.
=========================
Tom Yu
MIT Information Systems
Kerberos Development Team

From: Tom Yu
Date: Thu, 07 Aug 2003 13:12:40 -0400
Subject: MIT Kerberos for Windows 2.5 beta 5 is released

The MIT Kerberos Team announces the availability of MIT Kerberos for Windows 2.5 beta 5, the third public testing release.

Major new features of this release include:

- Based on MIT Kerberos v5 1.3.1
- Continued refinements to Leash

Please consult the Release Notes file for further details on changes.

The distribution packages and Release Notes are available from the authorized downloads link on the MIT Kerberos web page,

From: Tom Yu
Date: Mon, 11 Aug 2003 15:08:32 -0400
Subject: MIT Kerberos for Windows 2.5 is released

The MIT Kerberos Team is pleased to announce the immediate availability of MIT Kerberos for Windows 2.5.

Major new features of this release include:

- Based on MIT Kerberos v5 1.3.1
- Numerous improvements to Leash including:
  + MS LSA integration
  + krb524 support
  + addressless tickets
  + auto-ticket renewal
  + a new "sleek" look

Please consult the Release Notes file included in the distribution package for further details on changes.
The distribution packages and Release Notes are available from the authorized downloads link on the MIT Kerberos web page,

Message-Id: <20031007203731.E6FF0151D9B@konishi-polis.mit.edu>
Date: Tue, 7 Oct 2003 16:37:31 -0400 (EDT)
From: hartmans@MIT.EDU (Sam Hartman)
Subject: Kerberos to drop support for kadmind4 and v5passwdd

MIT is announcing the end-of-life for two Kerberos administration services. These services will continue to be provided in the 1.3.x versions of MIT Kerberos, but will not appear in future versions of Kerberos.

The first service is the v5passwdd service. This service allows certain old terminal servers to change their password. When we asked for feedback from the Kerberos community, no one was using this service who could not use the more modern Kerberos password changing protocol to accomplish the same goal. The corresponding v5passwd client will also be end-of-lifed. The more modern kpasswd client and kadmin utility will continue to be supported.

In addition, MIT is announcing the end-of-life for the kadmind4 server. This server provided backward compatibility so that Kerberos 4 administration clients could submit administration requests to a MIT Kerberos 5 administration server. Because of the code quality and the relative scarcity of version 4 administration clients, we will no longer support this functionality beyond the 1.3.x versions of Kerberos.

From: Tom Yu
Date: Fri, 24 Oct 2003 15:25:39 -0400
Subject: New Kerberos for Macintosh ships with Mac OS X 10.3

The MIT Kerberos Development team is pleased to announce that as part of its ongoing collaboration with Apple, Mac OS X 10.3 ("Panther") ships with another new version of Kerberos for Macintosh pre-installed.

Improvements in Kerberos for Macintosh 5.0 include a redesigned and streamlined Kerberos Login dialog with GUI for getting addressless and renewable tickets, krb5 1.3.1, KDC binaries and utilities now included, support for DNS lookups of KDCs, improved Windows interoperability, and an updated Kerberos application with improved appearance and performance and support for new KfM features.

For more details about new features and changes in the Mac OS X 10.3 version of Kerberos, see:

For all problems, questions, and suggestions regarding Kerberos on Mac OS X, you should contact Apple Computer. They will relay questions to MIT as necessary.

From: Tom Yu
Date: Fri, 24 Oct 2003 15:27:37 -0400
Subject: Mac OS X Kerberos Extras updated for Mac OS X 10.3

Just a reminder: to coincide with today's release of Mac OS X 10.3 ("Panther"), the MIT Kerberos team has released an updated version of the Mac OS X Kerberos Extras that work with both Mac OS X 10.2 (Jaguar) and Mac OS X 10.3 (Panther). The Mac OS X Kerberos Extras allow CFM-based applications, such as Eudora and Fetch, to work with OS X's built-in Kerberos.

Older releases of the OS X Kerberos Extras will not work with Mac OS X 10.3. You must have the latest release (which was released back in June) for it to work with Panther. However, this new release is backwards compatible with Mac OS X 10.2 as well as supporting 10.3.
For further information and to download the updated Mac OS X Kerberos Extras, go to:

From: Tom Yu
Date: Mon, 03 Nov 2003 16:44:30 -0500
Subject: Kerberos download restrictions relaxed

MIT is no longer restricting downloads of Kerberos to the United States and Canada. US export laws may still apply; please see our download page

http://web.mit.edu/kerberos/dist/index.html

for more details.

The main MIT Kerberos web page is http://web.mit.edu/kerberos/

Thanks to Marc Horowitz and crypto-publish.org for providing export mirroring while we sought approval for updating our export procedures.

From: Tom Yu
Date: Wed, 14 Jan 2004 19:38:13 -0500
Subject: MIT Kerberos for Windows 2.5 installer available

There is now an installer available for MIT Kerberos for Windows 2.5. You may download it from the MIT Kerberos distribution page,

http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is http://web.mit.edu/kerberos/

From: Tom Yu
Date: Thu, 26 Feb 2004 20:15:12 -0500
Subject: krb5-1.3.2 is released

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.3.2.

Please see below for a list of some major changes since krb5-1.3.1, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.3.2
===================================

You may retrieve the Kerberos 5 Release 1.3.2 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.3.2 release is:

http://web.mit.edu/kerberos/krb5-1.3/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES SINCE RELEASE 1.3.1
=================================

* Support for AES in GSSAPI has been implemented. This corresponds to the in-progress work in the IETF (CFX).

* Added a new ccache type "MSLSA:" for read-only access to the MS Windows LSA cache.

* On Windows, krb5.exe now has a checkbox to request addressless tickets.

* To avoid compatibility problems, unrecognized TGS options will now be ignored.

* 128-bit AES has been added to the default enctypes.

* AES cryptosystem now chains IVs. This WILL break backwards compatibility for the kcmd applications, if they are using AES session keys.

From: Tom Yu
Date: Tue, 23 Mar 2004 16:15:38 -0500
Subject: MIT Kerberos for Windows 2.6 is released

The MIT Kerberos Team is pleased to announce the immediate availability of MIT Kerberos for Windows 2.6.

Please consult the Release Notes file included in the distribution package for further details on changes.

The distribution packages and Release Notes are available from the download link on the MIT Kerberos distribution page,

http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is http://web.mit.edu/kerberos/

What's New in Kerberos for Windows 2.6:

* Leash has been turned into a System Tray application

* Leash implements IP address change detection which is used in conjunction with KDC Probing to determine when ticket getting dialogs should be displayed to the end user

* Leash API functions no longer display dialogs to the end user on failure

* Kerberos 5 Credential Cache Name changes are now functional

* aklog support for Kerberos 5 credentials has been added [-5 switch]

* krb5_cc api support for accessing the Microsoft Kerberos LSA cache in read-only mode. Use a ccache name of "MSLSA:".

* Kerberos 5 library updated to release 1.3.2

* KClient and GSSAPI libraries will now automatically display the Leash Obtain Ticket Getting Tickets dialog box when a request for service tickets is made and no TGTs exist. This can be disabled by defining the environment variable KERBEROSLOGIN_NEVER_PROMPT.

* The Leash online help functionality has been updated. The HtmlHelp engine is now used instead of WinHelp.
  All content has been updated.
* A new installer based on the open source NullSoft Installation System is
  provided. Source is provided as part of the SDK to allow for
  customization.
* A new GSS Sample Application client has been added to the distribution
  which is compatible with the Unix gss-server sample service.
* Improvements to the Winsock Helper Library (WSHELP32.DLL) to avoid several
  problems related to initializing the list of DNS servers. Whenever
  possible the operating system versions of resolver functions are used
  instead of the internal versions.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBQGCo/abDgE/zdoE9AQEkZAP/YYaJLnyoWQ6b0jZSb7faw2GGL3J6CeeP
+p53fMU1+i7gDz2fKaNAAdqcfYUAfnSUKzTDtDjNNlHxPsKFuaEaPm79xjT4u7Xw
itc/WlrMlgJMUYCSn/QiGowXrr+zVp86ueCBCyOL4DCGHhASCbz4aFn89d+BgXem
z7SZzddqJZ8=
=YrwR
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue Apr 6 19:21:47 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Tue, 06 Apr 2004 19:21:27 -0400
Subject: krb5-1.3.3 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release
1.3.3. Please see below for a list of some major changes since krb5-1.3.2,
or consult the README file in the source tree for a more detailed list of
significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.3.3
===================================

You may retrieve the Kerberos 5 Release 1.3.3 source from the following URL:

    http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.3.3 release is:

    http://web.mit.edu/kerberos/krb5-1.3/

Further information about Kerberos 5 may be found at the following URL:

    http://web.mit.edu/kerberos/

MAJOR CHANGES SINCE RELEASE 1.3.2
=================================

* [2284] Fixed accept_sec_context to use a replay cache in the
  GSS_C_NO_CREDENTIAL case. Reported by Cesar Garcia.
* [2426] Fixed a spurious SIGPIPE that happened in the TCP sendto_kdc code
  on AIX. Thanks to Bill Dodd.
* [2430] Fixed a crash in the MSLSA ccache.
* [2453] The AES string-to-key function no longer returns a pointer to
  stack memory when given a password longer than 64 characters.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBQHM7habDgE/zdoE9AQHrQAP+KHVnCT5DLw/BycQLh94nciovqFaDrd+4
6ksBQrD475anAK3uZQp+pl45yLeFrrOJT3bAisvUSd+V7nEfHMiqdOTdlgXsciJj
kT6VT4HUzSH7u83UydvyZknCwpPNYxIrIFZ4TAaaTje7T47Pr4D81xMs+C4bKxKv
npq68XyAChI=
=x/U5
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Wed Apr 14 17:20:27 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Wed, 14 Apr 2004 17:20:14 -0400
Subject: MIT Kerberos for Windows 2.6.1 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos for
Windows 2.6.1.

The distribution packages and Release Notes are available from the download
link on the MIT Kerberos distribution page,

    http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is

    http://web.mit.edu/kerberos/

MIT Kerberos for Windows 2.6.1 is the currently supported release for
Microsoft Windows 98/98SE/ME/NT4/2000/XP/2003. (Windows 95 is not
supported). MIT KfW includes redistributable binaries, an SDK,
documentation, source code, and an interactive installer.

Please consult the Release Notes file included in the distribution package
for further details on changes.

Changes since KfW 2.6:

* Includes MIT Kerberos 5 Release 1.3.3
* Compatibility issues with Windows 98/98SE/ME resolved
* krb524d is no longer required when obtaining AFS tokens with Leash or
  aklog when using OpenAFS.ORG 1.3.63 or later releases.
* kvno.exe, gss-client.exe, gss-server.exe now included in the distribution
* The Leash Change Password function once again works with expired
  passwords
* GSS-API applications will display an Obtain Tickets dialog when existing
  tickets are expired

End user questions related to MIT KfW 2.6.1 should be addressed to
kerberos@mit.edu. Bug reports should be addressed to kfw-bugs@mit.edu.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBQH2rEqbDgE/zdoE9AQHJgQQAp4cCCeOtWxorDZIgbuekNWtKo/0QQF9d
bMe+1euZrNSi9e983m6QUzQVyyBrgeqYmzHWBAabteOQlvF6V7ACJ28VTcMfBrln
OaW9KlFYE45r8gWTOJJAeEaUoHaekug7FrTAbdGCrL9aAAn2QINEO7UgpW9xulI0
eJzgkbNVXP4=
=eueq
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue May 25 11:12:56 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Tue, 25 May 2004 11:12:50 -0400
Subject: MIT Kerberos for Windows 2.6.2 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos for
Windows 2.6.2.

The distribution packages and Release Notes are available from the download
link on the MIT Kerberos distribution page,

    http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is

    http://web.mit.edu/kerberos/

MIT Kerberos for Windows 2.6.2 is the currently supported release for
Microsoft Windows 98/98SE/ME/NT4/2000/XP/2003. (Windows 95 is not
supported). MIT KfW includes redistributable binaries, an SDK,
documentation, source code, and an interactive installer.

Please consult the Release Notes file included in the distribution package
for further details on changes.

Changes since KfW 2.6.1:

* The behavior of the Leash automatic importing of credentials from the
  MSLSA credentials cache is now configurable. Options include never,
  always, and only if the MSLSA principal belongs to the default realm as
  specified in krb5.ini.
* Kerberos Ticket Initialization options modified within the Ticket
  Initialization dialog may now optionally be preserved.
* A memory access error introduced in 2.6.1 has been eliminated. This
  problem was traced to errors in implementation of the MFC CSingleLock
  class.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBQLNidqbDgE/zdoE9AQG87QQA10zfWgon7B3xQd/TaQ/UIRxT1StmGKRn
ga1sWSl/ygOqM4eXhGuSXtZv2FFl8nQCeM2ar9qRjvWO3yW3BcZQ5zdpYeEBHOSD
Z+wwsbj2+EPoWniKYB+qbC8GpHPg4SiFw6ZV6kLHZD6x4dx62fZ8YpHwRQw2f186
FzPKii6Tn74=
=D0yE
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Wed May 26 18:25:08 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Wed, 26 May 2004 18:25:03 -0400
Subject: MIT Kerberos for Windows 2.6.3 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos for
Windows 2.6.3.

The distribution packages and Release Notes are available from the download
link on the MIT Kerberos distribution page,

    http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is

    http://web.mit.edu/kerberos/

MIT Kerberos for Windows 2.6.3 is the currently supported release for
Microsoft Windows 98/98SE/ME/NT4/2000/XP/2003. (Windows 95 is not
supported). MIT KfW includes redistributable binaries, an SDK,
documentation, source code, and an interactive installer.

Please consult the Release Notes file included in the distribution package
for further details on changes.

Changes since 2.6.2:

* Prevents Leash from flooding the KDC with TGS_REQ messages when the
  Windows Logon Session is authenticated using Kerberos.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBQLUZQ6bDgE/zdoE9AQHRZAQAhYLaFnvEn2u9zjfoZf7ZEGJmnQJKuMQj
9cDeUz0HPYd2XtuT87/xnznmpB+z/SKjbD8NR7JcgALY9qF39ynMWzExKOL5frao
n6nfwxVNV2vA4taHS9QJkD4g5rTZf1NKkjyaieau7WRJ6qS8z+I+AP+6h6KaN76M
kQ/u3nx+OVU=
=+eNP
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue Jun 1 16:30:49 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Tue, 01 Jun 2004 16:30:45 -0400
Subject: MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname

-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2004-001

2004-06-01

Topic: buffer overflows in krb5_aname_to_localname

Severity: serious

SUMMARY
=======

The krb5_aname_to_localname() library function contains multiple buffer
overflows which could be exploited to gain unauthorized root access.
Exploitation of these flaws requires an unusual combination of factors,
including successful authentication to a vulnerable service and a
non-default configuration on the target service. (See MITIGATING FACTORS
below.) No exploits are known to exist yet.

IMPACT
======

A remote attacker can potentially execute arbitrary code on hosts running
vulnerable services.

MITIGATING FACTORS
==================

Only configurations which enable the explicit mapping or rules-based
mapping functionality of krb5_aname_to_localname() are vulnerable. These
configurations are not the default.

If the explicit mapping functionality is enabled, an attacker must
authenticate using a principal name listed in the explicit mapping list.

If the rules-based mapping functionality is enabled, an attacker must be
able to create arbitrary principal names either in the local Kerberos realm
or in a remote realm from which the local realm's services are reachable by
cross-realm authentication.

AFFECTED SOFTWARE
=================

All releases of MIT Kerberos 5, up to and including krb5-1.3.3.

The upcoming krb5-1.3.4 release will contain a fix for this problem.
Affected services contained in these releases include the remote login applications (e.g., ftp, rsh, rlogin, telnet), as well as ksu. Third-party application servers using the affected functionality of the krb5 library may be vulnerable. These services are only vulnerable in non-default configurations. FIXES ===== * If you are using the vulnerable functionality, consider disabling it immediately. Complete disabling of any configuration of explicit mapping or rules-based mapping should prevent exploitation. * The upcoming krb5-1.3.4 release will contain a fix for this problem. * Apply the following patch to src/lib/krb5/os/an_to_ln.c, and recompile the affected libraries and applications. Index: an_to_ln.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/os/an_to_ln.c,v retrieving revision 5.39 diff -c -r5.39 an_to_ln.c *** an_to_ln.c 2002/09/03 19:29:34 5.39 - --- an_to_ln.c 2004/05/14 19:39:21 *************** *** 270,278 **** * If no regcomp() then just return the input string verbatim in the output * string. */ ! static void do_replacement(char *regexp, char *repl, int doall, char *in, char *out) { #if HAVE_REGCOMP regex_t match_exp; regmatch_t match_match; - --- 270,283 ---- * If no regcomp() then just return the input string verbatim in the output * string. */ ! #define use_bytes(x) \ ! out_used += (x); \ ! if (out_used > MAX_FORMAT_BUFFER) goto mem_err ! ! static int do_replacement(char *regexp, char *repl, int doall, char *in, char *out) { + size_t out_used = 0; #if HAVE_REGCOMP regex_t match_exp; regmatch_t match_match; *************** *** 287,303 **** do { if (!regexec(&match_exp, cp, 1, &match_match, 0)) { if (match_match.rm_so) { strncpy(op, cp, match_match.rm_so); op += match_match.rm_so; } strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(op); cp += match_match.rm_eo; ! 
if (!doall) strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 1; } else { strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } - --- 292,313 ---- do { if (!regexec(&match_exp, cp, 1, &match_match, 0)) { if (match_match.rm_so) { + use_bytes(match_match.rm_so); strncpy(op, cp, match_match.rm_so); op += match_match.rm_so; } + use_bytes(strlen(repl)); strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(op); cp += match_match.rm_eo; ! if (!doall) { ! use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); + } matched = 1; } else { + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } *************** *** 322,338 **** - --- 332,352 ---- sdispl = (size_t) (loc1 - cp); edispl = (size_t) (loc2 - cp); if (sdispl) { + use_bytes(sdispl); strncpy(op, cp, sdispl); op += sdispl; } + use_bytes(strlen(repl)); strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(repl); cp += edispl; if (!doall) + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 1; } else { + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } *************** *** 340,346 **** - --- 354,368 ---- #else /* HAVE_REGEXP_H */ memcpy(out, in, MAX_FORMAT_BUFFER); #endif /* HAVE_REGCOMP */ + return 1; + mem_err: + #ifdef HAVE_REGCMP + regfree(&match_exp); + #endif + return 0; + } + #undef use_bytes /* * aname_replacer() - Perform the specified substitutions on the input *************** *** 412,418 **** /* Do the replacemenbt */ memset(out, '\0', MAX_FORMAT_BUFFER); ! do_replacement(rule, repl, doglobal, in, out); free(rule); free(repl); - --- 434,445 ---- /* Do the replacemenbt */ memset(out, '\0', MAX_FORMAT_BUFFER); ! if (!do_replacement(rule, repl, doglobal, in, out)) { ! free(rule); ! free(repl); ! kret = KRB5_LNAME_NOTRANS; ! break; ! 
} free(rule); free(repl); *************** *** 459,464 **** - --- 486,492 ---- char *fprincname; char *selstring = 0; int num_comps, compind; + size_t selstring_used; char *cout; krb5_data *datap; char *outstring; *************** *** 479,484 **** - --- 507,513 ---- */ current = strchr(current, ':'); selstring = (char *) malloc(MAX_FORMAT_BUFFER); + selstring_used = 0; if (current && selstring) { current++; cout = selstring; *************** *** 497,502 **** - --- 526,539 ---- aname, compind-1)) ) { + if ((datap->length < MAX_FORMAT_BUFFER) + && (selstring_used+datap->length + < MAX_FORMAT_BUFFER)) { + selstring_used += datap->length; + } else { + kret = ENOMEM; + goto errout; + } strncpy(cout, datap->data, (unsigned) datap->length); *************** *** 527,533 **** else kret = KRB5_CONFIG_BADFORMAT; ! if (kret) free(selstring); } } - --- 564,570 ---- else kret = KRB5_CONFIG_BADFORMAT; ! errout: if (kret) free(selstring); } } *************** *** 643,649 **** const char *hierarchy[5]; char **mapping_values; int i, nvalid; ! char *cp; char *typep, *argp; unsigned int lnsize; - --- 680,686 ---- const char *hierarchy[5]; char **mapping_values; int i, nvalid; ! char *cp, *s; char *typep, *argp; unsigned int lnsize; *************** *** 677,687 **** /* Just use the last one. */ /* Trim the value. */ ! cp = &mapping_values[nvalid-1] ! [strlen(mapping_values[nvalid-1])]; ! while (isspace((int) (*cp))) cp--; ! cp++; ! *cp = '\0'; /* Copy out the value if there's enough room */ if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize) - --- 714,727 ---- /* Just use the last one. */ /* Trim the value. */ ! s = mapping_values[nvalid-1]; ! cp = s + strlen(s); ! while (cp > s) { ! cp--; ! if (!isspace((int)(*cp))) ! break; ! *cp = '\0'; ! } /* Copy out the value if there's enough room */ if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize) The patch was generated against krb5-1.3.3; it may apply, with some offset, to other releases. 
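Review bot: the use_bytes() macro introduced in the 270,278 hunk only fails on `out_used > MAX_FORMAT_BUFFER`, so a sequence of copies may account for exactly MAX_FORMAT_BUFFER bytes of out and leave no byte for the terminator. The prefix copy `strncpy(op, cp, match_match.rm_so)` is bounded only by the match offset, so once out_used reaches the limit op can sit at out + MAX_FORMAT_BUFFER and the next length argument, `MAX_FORMAT_BUFFER - 1 - (op - out)`, is negative and converts to a very large size_t for strncpy(). Compare with `>=` (or count the NUL in the budget). The macro body should also be wrapped in `do { ... } while (0)`: it expands to two statements, so it cannot safely follow an unbraced `if`.

Review bot: in the 322,338 hunk (the regexp.h branch) the added `use_bytes(strlen(cp));` is placed after `if (!doall)` with no braces, whereas the corresponding 287,303 hunk wraps the two statements in `{ }`. Because use_bytes() expands to two statements, only `out_used += strlen(cp)` is conditional; the `goto mem_err` test and the following `strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out))` now run on every match, so with a global (doall) rule the remainder of the input is copied, unaccounted, after each match rather than only when no further substitution is wanted. Brace the block exactly as in the regcomp branch: `if (!doall) {` ... `}`.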
This patch may also be found at:

    http://web.mit.edu/kerberos/advisories/2004-001-an_to_ln_patch.txt

The associated detached PGP signature is at:

    http://web.mit.edu/kerberos/advisories/2004-001-an_to_ln_patch.txt.asc

REFERENCES
==========

This announcement and related security advisories may be found on the MIT
Kerberos security advisory page at:

    http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

    http://web.mit.edu/kerberos/index.html

ACKNOWLEDGMENTS
===============

Thanks to Christopher Nebergall for finding the single-byte overflow.

Thanks to Nico Williams for finding a vulnerability in the rules-based
mapping.

Thanks to Matt Crawford for useful comments.

DETAILS
=======

krb5_aname_to_localname() translates a Kerberos principal name to a local
account name, typically a UNIX username.

In the file src/lib/krb5/os/an_to_ln.c, the helper functions
aname_replacer(), do_replacement(), and rule_an_to_ln() do not perform
adequate checks of the lengths of strings which contain the name of the
principal whose authorization is being checked. This can result in the
overflow of heap buffers when an attacker authenticates using a
sufficiently long principal name.

In addition, the implementation of the explicit mapping functionality in
krb5_aname_to_localname() consistently writes a zero byte at a location one
byte past the end of a heap buffer when handling a principal name matching
an explicit mapping. Single-byte overflows of heap buffers are known to be
exploitable on some architectures.

The vulnerability in the explicit mapping functionality was fixed around
December 2003 in the development sources, but the fix was not propagated to
the krb5-1.3.x release branch.
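The following C is an added illustration of the overflow class the DETAILS section describes; it is example code written for this page, not code from the krb5 tree or from the advisory. It mirrors the shape of do_replacement(): a rule substitutes a replacement into a fixed-size output buffer. replace_unbounded() keeps the pre-patch pattern visible in the `***` side of the hunks, where the prefix copy is bounded only by the match offset and the later length expression `MAX_FORMAT_BUFFER - 1 - (op - out)` can go negative once op passes the end of the buffer. replace_bounded() keeps a running count the way the patch's use_bytes() does, reserves a byte for the terminator, and refuses the substitution rather than overrunning. To stay self-contained it matches a literal substring instead of calling regexec(); the 64-byte MAX_FORMAT_BUFFER, the rule strings and the sample principal names are assumptions constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for this example; the real constant in an_to_ln.c may differ. */
#define MAX_FORMAT_BUFFER 64

/*
 * Pre-patch shape, kept for contrast. Do not call it with untrusted input:
 * the prefix copy is bounded by the match offset, not by the room left in
 * out, and once op passes the end of out the expression
 * MAX_FORMAT_BUFFER - 1 - (op - out) goes negative and converts to a huge
 * size_t for strncpy().
 */
void replace_unbounded(const char *pat, const char *repl, int doall,
                       const char *in, char *out)
{
    size_t patlen = strlen(pat);
    const char *cp = in, *hit;
    char *op = out;

    memset(out, 0, MAX_FORMAT_BUFFER);
    while (patlen && (hit = strstr(cp, pat)) != NULL) {
        strncpy(op, cp, (size_t)(hit - cp));            /* no room check */
        op += hit - cp;
        strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
        op += strlen(op);
        cp = hit + patlen;
        if (!doall)
            break;
    }
    strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
}

/* Append n bytes of src to out with a running count (as use_bytes() does),
 * always keeping one byte for the terminator. Returns 0 if it would not fit. */
static int append_bounded(char *out, size_t *used, const char *src, size_t n)
{
    if (n >= MAX_FORMAT_BUFFER - *used)
        return 0;
    memcpy(out + *used, src, n);
    *used += n;
    out[*used] = '\0';
    return 1;
}

/* Hardened form: replace the first (doall == 0) or every occurrence of pat
 * in in. Returns 1 on success, 0 if the result would not fit in out. */
int replace_bounded(const char *pat, const char *repl, int doall,
                    const char *in, char *out)
{
    size_t used = 0, patlen = strlen(pat), repllen = strlen(repl);
    const char *cp = in, *hit;

    out[0] = '\0';
    while (patlen && (hit = strstr(cp, pat)) != NULL) {
        if (!append_bounded(out, &used, cp, (size_t)(hit - cp)) ||
            !append_bounded(out, &used, repl, repllen))
            return 0;
        cp = hit + patlen;
        if (!doall)
            break;
    }
    return append_bounded(out, &used, cp, strlen(cp));
}

/* Constructed input: a realm-stripping rule on a short name succeeds. */
int demo_strip_realm(void)
{
    char out[MAX_FORMAT_BUFFER];
    if (!replace_bounded("@EXAMPLE.COM", "", 0, "alice@EXAMPLE.COM", out))
        return 0;
    return strcmp(out, "alice") == 0;
}

/* Constructed input: global replacement of every '/' in a service name. */
int demo_global(void)
{
    char out[MAX_FORMAT_BUFFER];
    if (!replace_bounded("/", "_", 1, "host/www/EXAMPLE", out))
        return 0;
    return strcmp(out, "host_www_EXAMPLE") == 0;
}

/* Constructed input: a principal name longer than the buffer under a rule
 * that makes it grow. The hardened form reports failure (returns 0)
 * instead of writing past out. */
int demo_overlong(void)
{
    char name[MAX_FORMAT_BUFFER + 64];
    char out[MAX_FORMAT_BUFFER];
    memset(name, 'a', sizeof(name) - 1);
    name[sizeof(name) - 1] = '\0';
    return replace_bounded("a", "bb", 1, name, out);
}

int main(void)
{
    printf("strip realm ok: %d, global ok: %d, overlong rejected: %d\n",
           demo_strip_realm(), demo_global(), demo_overlong() == 0);
    return 0;
}
```

The difference between the two functions is the one the patch makes: the hardened version decides whether a copy fits before performing it and propagates the failure to the caller (the patch maps it to KRB5_LNAME_NOTRANS), rather than relying on a length argument computed from a pointer that may already be out of range.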
REVISION HISTORY
================

2004-06-01 original release

Copyright (C) 2004 Massachusetts Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBQLzhKKbDgE/zdoE9AQEIQAP+Nr2GZig5o2TM/0hxmuSDKuDCHQ8k4KBr
NCucgV8qVfhXw6MLX+PLX96CniyaFjuKGlS6PS7z2eTRt6qsvxohR1gAfZ7olN5u
pDOl5/D9CXnNqwz5ulh7TiaWuVXZab5RfjveZSvxi2fR2CCdUnBab/J4jzOeQyl+
bjJPpeMJiQE=
=yGUt
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Thu Jun 3 17:01:18 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Thu, 03 Jun 2004 17:01:16 -0400
Subject: UPDATED: MITKRB5-SA-2004-001: krb5_aname_to_localname

-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2004-001

Original release: 2004-06-01
Last update: 2004-06-02

Topic: buffer overflows in krb5_aname_to_localname

Severity: serious

SUMMARY
=======

[ patch corrected since original release ]

The krb5_aname_to_localname() library function contains multiple buffer
overflows which could be exploited to gain unauthorized root access.
Exploitation of these flaws requires an unusual combination of factors,
including successful authentication to a vulnerable service and a
non-default configuration on the target service. (See MITIGATING FACTORS
below.) No exploits are known to exist yet.

IMPACT
======

A remote attacker can potentially execute arbitrary code on hosts running
vulnerable services.

MITIGATING FACTORS
==================

Only configurations which enable the explicit mapping or rules-based
mapping functionality of krb5_aname_to_localname() are vulnerable. These
configurations are not the default, and we believe that they are uncommon.

If the explicit mapping functionality is enabled, an attacker must
authenticate using a principal name listed in the explicit mapping list.

If the rules-based mapping functionality is enabled, an attacker must be
able to create arbitrary principal names either in the local Kerberos realm
or in a remote realm from which the local realm's services are reachable by
cross-realm authentication.
AFFECTED SOFTWARE ================= All releases of MIT Kerberos 5, up to and including krb5-1.3.3. The upcoming krb5-1.3.4 release will contain a fix for this problem. Affected services contained in these releases include the remote login applications (e.g., ftp, rsh, rlogin, telnet), as well as ksu. Third-party application servers using the affected functionality of the krb5 library may be vulnerable. These services are only vulnerable in non-default configurations. To learn if a configuration is vulnerable, examine the /etc/krb5.conf or other relevant krb5 configuration file, and look for entries of the (explicit mapping) form: auth_to_local_names = { aname = lname } or of the (rule-based mapping) form: auth_to_local = RULE:foo within a realm subsection. FIXES ===== * If you are using the vulnerable functionality, consider disabling it immediately. Complete disabling of any configuration of explicit mapping or rules-based mapping should prevent exploitation. * The upcoming krb5-1.3.4 release will contain a fix for this problem. * Apply the following patch to src/lib/krb5/os/an_to_ln.c, and recompile the affected libraries and applications. Index: an_to_ln.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/os/an_to_ln.c,v retrieving revision 5.39 diff -c -r5.39 an_to_ln.c *** an_to_ln.c 3 Sep 2002 19:29:34 -0000 5.39 - --- an_to_ln.c 2 Jun 2004 22:04:21 -0000 *************** *** 270,278 **** * If no regcomp() then just return the input string verbatim in the output * string. */ ! static void do_replacement(char *regexp, char *repl, int doall, char *in, char *out) { #if HAVE_REGCOMP regex_t match_exp; regmatch_t match_match; - --- 270,283 ---- * If no regcomp() then just return the input string verbatim in the output * string. */ ! #define use_bytes(x) \ ! out_used += (x); \ ! if (out_used > MAX_FORMAT_BUFFER) goto mem_err ! ! 
static int do_replacement(char *regexp, char *repl, int doall, char *in, char *out) { + size_t out_used = 0; #if HAVE_REGCOMP regex_t match_exp; regmatch_t match_match; *************** *** 287,303 **** do { if (!regexec(&match_exp, cp, 1, &match_match, 0)) { if (match_match.rm_so) { strncpy(op, cp, match_match.rm_so); op += match_match.rm_so; } strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(op); cp += match_match.rm_eo; ! if (!doall) strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 1; } else { strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } - --- 292,313 ---- do { if (!regexec(&match_exp, cp, 1, &match_match, 0)) { if (match_match.rm_so) { + use_bytes(match_match.rm_so); strncpy(op, cp, match_match.rm_so); op += match_match.rm_so; } + use_bytes(strlen(repl)); strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(op); cp += match_match.rm_eo; ! if (!doall) { ! use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); + } matched = 1; } else { + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } *************** *** 322,338 **** sdispl = (size_t) (loc1 - cp); edispl = (size_t) (loc2 - cp); if (sdispl) { strncpy(op, cp, sdispl); op += sdispl; } strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(repl); cp += edispl; ! if (!doall) strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 1; } else { strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } - --- 332,353 ---- sdispl = (size_t) (loc1 - cp); edispl = (size_t) (loc2 - cp); if (sdispl) { + use_bytes(sdispl); strncpy(op, cp, sdispl); op += sdispl; } + use_bytes(strlen(repl)); strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out)); op += strlen(repl); cp += edispl; ! if (!doall) { ! 
use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); + } matched = 1; } else { + use_bytes(strlen(cp)); strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out)); matched = 0; } *************** *** 340,346 **** - --- 355,369 ---- #else /* HAVE_REGEXP_H */ memcpy(out, in, MAX_FORMAT_BUFFER); #endif /* HAVE_REGCOMP */ + return 1; + mem_err: + #ifdef HAVE_REGCMP + regfree(&match_exp); + #endif + return 0; + } + #undef use_bytes /* * aname_replacer() - Perform the specified substitutions on the input *************** *** 412,418 **** /* Do the replacemenbt */ memset(out, '\0', MAX_FORMAT_BUFFER); ! do_replacement(rule, repl, doglobal, in, out); free(rule); free(repl); - --- 435,446 ---- /* Do the replacemenbt */ memset(out, '\0', MAX_FORMAT_BUFFER); ! if (!do_replacement(rule, repl, doglobal, in, out)) { ! free(rule); ! free(repl); ! kret = KRB5_LNAME_NOTRANS; ! break; ! } free(rule); free(repl); *************** *** 459,464 **** - --- 487,493 ---- char *fprincname; char *selstring = 0; int num_comps, compind; + size_t selstring_used; char *cout; krb5_data *datap; char *outstring; *************** *** 479,484 **** - --- 508,514 ---- */ current = strchr(current, ':'); selstring = (char *) malloc(MAX_FORMAT_BUFFER); + selstring_used = 0; if (current && selstring) { current++; cout = selstring; *************** *** 497,502 **** - --- 527,540 ---- aname, compind-1)) ) { + if ((datap->length < MAX_FORMAT_BUFFER) + && (selstring_used+datap->length + < MAX_FORMAT_BUFFER)) { + selstring_used += datap->length; + } else { + kret = ENOMEM; + goto errout; + } strncpy(cout, datap->data, (unsigned) datap->length); *************** *** 527,533 **** else kret = KRB5_CONFIG_BADFORMAT; ! if (kret) free(selstring); } } - --- 565,571 ---- else kret = KRB5_CONFIG_BADFORMAT; ! errout: if (kret) free(selstring); } } *************** *** 643,649 **** const char *hierarchy[5]; char **mapping_values; int i, nvalid; ! 
char *cp; char *typep, *argp; unsigned int lnsize; - --- 681,687 ---- const char *hierarchy[5]; char **mapping_values; int i, nvalid; ! char *cp, *s; char *typep, *argp; unsigned int lnsize; *************** *** 677,687 **** /* Just use the last one. */ /* Trim the value. */ ! cp = &mapping_values[nvalid-1] ! [strlen(mapping_values[nvalid-1])]; ! while (isspace((int) (*cp))) cp--; ! cp++; ! *cp = '\0'; /* Copy out the value if there's enough room */ if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize) - --- 715,728 ---- /* Just use the last one. */ /* Trim the value. */ ! s = mapping_values[nvalid-1]; ! cp = s + strlen(s); ! while (cp > s) { ! cp--; ! if (!isspace((int)(*cp))) ! break; ! *cp = '\0'; ! } /* Copy out the value if there's enough room */ if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize) The patch was generated against krb5-1.3.3; it may apply, with some offset, to other releases. This patch may also be found at: http://web.mit.edu/kerberos/advisories/2004-001-an_to_ln_patch.txt The associated detached PGP signature is at: http://web.mit.edu/kerberos/advisories/2004-001-an_to_ln_patch.txt.asc REFERENCES ========== This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CERT VU#686862: http://www.kb.cert.org/vuls/id/686862 ACKNOWLEDGMENTS =============== Thanks to Christopher Nebergall for finding the single-byte overflow. Thanks to Nico Williams for finding a vulnerability in the rules-based mapping. Thanks to Matt Crawford, John Hascall, and CERT for useful comments. Thanks to Bill Dodd for correcting an error in a prior patch. DETAILS ======= krb5_aname_to_localname() translates a Kerberos principal name to a local account name, typically a UNIX username. 
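Review bot: the error path added in the 340,346 hunk guards `regfree(&match_exp)` with `#ifdef HAVE_REGCMP`, while the rest of the function tests `HAVE_REGCOMP` and match_exp is only declared under `#if HAVE_REGCOMP`. If HAVE_REGCMP is not a macro that configure defines, regfree() never runs on the mem_err path and the compiled expression leaks each time an overlong name is rejected; if it is defined on a build without HAVE_REGCOMP, match_exp is undeclared there. The guard should be `#if HAVE_REGCOMP`, matching the declaration.

Review bot: the rewritten trim loop in the 677,687 hunk correctly stops at the start of the string for an all-whitespace value, but it still calls `isspace((int)(*cp))` on a plain `char`. Where char is signed, a byte of 0x80 or above becomes a negative int other than EOF, which is undefined behaviour for the ctype functions; cast through unsigned char instead: `isspace((unsigned char)*cp)`. The values come from the explicit mapping entries in the krb5 configuration rather than from the peer, so this is a robustness point rather than a remotely reachable one.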
In the file src/lib/krb5/os/an_to_ln.c, the helper functions
aname_replacer(), do_replacement(), and rule_an_to_ln() do not perform
adequate checks of the lengths of strings which contain the name of the
principal whose authorization is being checked. This can result in the
overflow of heap buffers when an attacker authenticates using a
sufficiently long principal name.

In addition, the implementation of the explicit mapping functionality in
krb5_aname_to_localname() consistently writes a zero byte at a location one
byte past the end of a heap buffer when handling a principal name matching
an explicit mapping. Single-byte overflows of heap buffers are known to be
exploitable on some architectures.

The vulnerability in the explicit mapping functionality was fixed around
December 2003 in the development sources, but the fix was not propagated to
the krb5-1.3.x release branch.

REVISION HISTORY
================

2004-06-02 patch updated to fix error
2004-06-01 original release

Copyright (C) 2004 Massachusetts Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (SunOS)

iQCVAwUBQL+P0abDgE/zdoE9AQEq+gP+LzNKb1oHemeD8rgL2ogIQ54ovxWIMCQ6
ixmiVO1zMO+89Y4zF7sVilpBVL5fK2cuDR7G2DXlC1whcMHaywVe57mDmGQ/Way+
QwvZM6WQc0fZEZPizBWIPYKTjztuX/FcI8ymHG7Ka1U+aA0dAUp68iWmA60RsiXz
D1ncyk9a6FM=
=taBK
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Fri Jun 11 18:23:08 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Fri, 11 Jun 2004 18:22:59 -0400
Subject: krb5-1.3.4 is released

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.3.4. Please see below for a list of some major changes since krb5-1.3.3, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.3.4
===================================

You may retrieve the Kerberos 5 Release 1.3.4 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.3.4 release is:

http://web.mit.edu/kerberos/krb5-1.3/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES SINCE RELEASE 1.3.3
=================================

* [2024, 2583, 2584] Fixed buffer overflows in krb5_aname_to_localname().
  [MITKRB-SA-2004-001]

From tlyu@MIT.EDU Wed Jul 14 17:03:38 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Wed, 14 Jul 2004 17:03:10 -0400
Subject: MIT Kerberos for Windows 2.6.4 is released

The MIT Kerberos Team announces the availability of MIT Kerberos for Windows 2.6.4. The distribution packages and Release Notes are available from the download link on the MIT Kerberos distribution page,

http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is

http://web.mit.edu/kerberos/

MIT Kerberos for Windows 2.6.4 is a bug fix release containing the following changes:

* Solve problem in MSLSA: ccache which would result in premature process termination on non-English versions of Windows if Kerberos credentials were not available from LSA credential manager.

* Apply automatic import restrictions from the MSLSA credentials cache to the GSSAPI acquire credentials when necessary code.

* Kerberos 5 library updated to release 1.3.4. See the Kerberos 5 README file for details of the changes in the Kerberos 5 version 1.3.4 distribution.

* The Microsoft LSA Cache since its release has suffered from two deficiencies: (1) the KERB_EXTERNAL_TICKET does not provide a field containing the Client Principal's Realm; and (2) the LSA will not cache tickets if either a specific set of ticket flags or encryption types are specified. Microsoft will soon be making available via PSS a fix for Windows XP and Windows 2003 which will allow KFW to properly determine the Client Principal's Realm for all tickets in the LSA cache and instruct the LSA to cache all tickets obtained via the MSLSA: krb5_ccache interface.
  KFW 2.6.4 Beta 2 contains the code necessary to recognize that the fix has been installed and do the right thing to take advantage of this new (corrected) functionality.

* a minor fix to the SDK

* a change to the installer to support XP SP2 compatibility

* a fix to the MSLSA to further reduce the number of queries sent to the KDC

* Installer modified to create Terminal Server application compatibility registry entries

* leash extended dialog functions corrected to properly implement forward compatibility

MIT requests that all organizations which are distributing Kerberos for Windows update to this release.

From tlyu@MIT.EDU Tue Aug 31 14:29:59 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Tue, 31 Aug 2004 14:29:57 -0400
Subject: MITKRB5-SA-2004-002: double-free vulnerabilities

MIT krb5 Security Advisory 2004-002

Original release: 2004-08-31

Topic: double-free vulnerabilities in KDC and libraries

Severity: CRITICAL

SUMMARY
=======

The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable. Exploitation of double-free bugs is believed to be difficult. No exploits are known to exist for these vulnerabilities.

IMPACT
======

* An unauthenticated remote attacker can potentially execute arbitrary code on a KDC host, compromising an entire Kerberos realm. [CAN-2004-0642]

* A remote attacker can potentially execute arbitrary code on a host running krb524d, possibly compromising an entire Kerberos realm if the host is a KDC host. [CAN-2004-0772]

* An authenticated attacker can also potentially execute arbitrary code on hosts running vulnerable services. [CAN-2004-0643]

* An attacker impersonating a legitimate KDC or application server can potentially execute arbitrary code on a client host while the client is authenticating.
  [CAN-2004-0642]

AFFECTED SOFTWARE
=================

* KDC software from all releases of MIT Kerberos 5 up to and including krb5-1.3.4. [CAN-2004-0642]

* The krb524d program from krb5-1.2.8 and later. The krb524d present in earlier releases is vulnerable if it has been patched to disable krb4 cross-realm functionality. [CAN-2004-0772]

* Applications calling the krb5_rd_cred() function in releases prior to krb5-1.3.2. Such applications in the MIT krb5 releases include the remote login daemons (krshd, klogind, and telnetd) and the FTP daemon. The krb5_rd_cred() function decrypts and decodes forwarded Kerberos credentials. Third-party applications calling this function directly or indirectly (by means of the GSSAPI or other libraries) are vulnerable. [CAN-2004-0643]

* Client code from all releases of MIT Kerberos 5 up to and including krb5-1.3.4. Third-party applications directly or indirectly calling client library functions may also be vulnerable. [CAN-2004-0642]

FIXES
=====

* The upcoming krb5-1.3.5 release will contain fixes for these problems.

* Apply the appropriate patch or patches referenced below, and rebuild the software.

  - If you are running krb5-1.3 through krb5-1.3.4, apply 2004-002-patch_1.3.4.txt.

  - If you are running krb5-1.3 through krb5-1.3.1, apply 2004-002-patch_1.3.1.txt.

  - If you are running krb5-1.2.8, apply 2004-002-patch_1.2.8.txt.

  - Things become more complicated if you are running krb5-1.2 through krb5-1.2.7. The correct set of patches to apply will depend on whether you have applied the patches to disable krb4 cross-realm functionality [MITKRB5-SA-2003-004].

    + If you are running krb5-1.2.6 through krb5-1.2.7, and have applied the patches to disable krb4 cross-realm functionality, apply 2004-002-patch_1.2.8.txt.

    + If you are running krb5-1.2 through krb5-1.2.5, and have applied the patches to disable krb4 cross-realm functionality, apply 2004-002-patch_1.2.7.txt, followed by 2004-002-k524d_patch_1.2.5.txt.
    + If you are running krb5-1.2 through krb5-1.2.7, and have not applied the patches to disable krb4 cross-realm functionality, apply 2004-002-patch_1.2.7.txt.

Summary chart of patches to apply for releases krb5-1.2 through krb5-1.2.7:

           | patched for 2003-004           | not patched for 2003-004
-----------+--------------------------------+--------------------------
krb5-1.2.7 |                                |
-----------+ 2004-002-patch_1.2.8.txt       |
krb5-1.2.6 |                                |
-----------+--------------------------------+ 2004-002-patch_1.2.7.txt
krb5-1.2.5 | 2004-002-patch_1.2.7.txt       |
through    | and                            |
krb5-1.2   | 2004-002-k524d_patch_1.2.5.txt |

Patches available:

* Patch for krb5-1.3.4 (2004-002-patch_1.3.4.txt)

* Patch for krb5-1.3.1 (2004-002-patch_1.3.1.txt)

* Patch for krb5-1.2.8 (2004-002-patch_1.2.8.txt)

* Patch for krb5-1.2.7 (2004-002-patch_1.2.7.txt)

* Patch for krb524d in krb5-1.2.5 which has been previously patched to disable krb4 cross-realm (2004-002-k524d_patch_1.2.5.txt)

Note: Each patch is generated against the specific release noted above. The patches may apply with some offset against other compatible releases listed above.
2004-002-patch_1.3.4.txt
========================

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.4.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.4.txt.asc

2004-002-patch_1.3.1.txt
========================

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.1.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.1.txt.asc

2004-002-patch_1.2.8.txt
========================

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.8.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-patch_128.txt.asc

2004-002-patch_1.2.7.txt
========================

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt.asc

2004-002-k524d_patch_1.2.5.txt
==============================

http://web.mit.edu/kerberos/advisories/2004-002-k524d_patch_1.2.5.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-k524d_patch_1.2.5.txt.asc

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CERT VU#795632

http://www.kb.cert.org/vuls/id/795632

CVE CAN-2004-0642

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642

KDC and client libraries double-free on error conditions in MIT Kerberos 5 releases krb5-1.3.4 and earlier, allowing unauthenticated remote attackers to execute arbitrary code

CERT VU#866472

http://www.kb.cert.org/vuls/id/866472

CVE CAN-2004-0643

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643

krb5_rd_cred() double-frees on error conditions in MIT Kerberos 5 releases krb5-1.3.1 and earlier, allowing authenticated attackers to execute
arbitrary code

VU#350792

http://www.kb.cert.org/vuls/id/350792

CVE CAN-2004-0772

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772

krb524d in krb5-1.2.8 and later double-frees on error conditions, allowing remote attackers to execute arbitrary code. Earlier releases patched for the krb4 protocol vulnerability [MITKRB5-SA-2003-004] are also vulnerable.

ACKNOWLEDGMENTS
===============

Thanks to Will Fiveash and Nico Williams at Sun for finding some of these vulnerabilities and for providing initial patches. Thanks to Marc Horowitz for discovering the krb524d vulnerability. Thanks to Nalin Dahyabhai for providing a corrected patch for krb524d in releases krb5-1.2 through krb5-1.2.5 in cases where krb524d has been patched to disable krb4 cross-realm functionality. Thanks to Joseph Galbraith and John Hawkinson, who both independently discovered the double-free in krb5_rd_cred() which was corrected in release krb5-1.3.2.

DETAILS
=======

In the MIT krb5 library, in all releases up to and including krb5-1.3.4, ASN.1 decoder functions and their callers do not use a consistent set of memory management conventions. The callers expect the decoders to allocate memory. The callers typically have error-handling code which frees memory allocated by the ASN.1 decoders if pointers to the allocated memory are non-null. Upon encountering error conditions, the ASN.1 decoders themselves free memory which they have allocated, but do not null the corresponding pointers. When some library functions receive errors from the ASN.1 decoders, they attempt to pass the non-null pointer (which points to freed memory) to free(), causing a double-free.

In all releases of MIT krb5 up to and including krb5-1.3.4, cleanup code in the KDC frees memory returned by ASN.1 decoders. This cleanup code only frees memory pointed to by non-null pointers, but if an ASN.1 decoder returns an error, the cleanup code will free memory previously freed by the decoder.
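An added C model (not krb5 code) of the convention mismatch described above: a decoder that frees its allocation on error but leaves the caller's pointer non-null, the caller's free-if-non-null cleanup, and the corrected decoder that nulls the pointer on error. The allocation tracker is constructed for this example so the second free is counted rather than corrupting the heap, and the single 0x30 tag check stands in for real ASN.1 decoding.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed allocation tracker: remembers live blocks so that freeing a
 * pointer that is no longer live is counted as a double free instead of
 * being handed to free() a second time. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int double_frees;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL) return NULL;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = p; return p; }
    free(p);                         /* tracker full: treat as allocation failure */
    return NULL;
}

static void tracked_free(void *p)
{
    if (p == NULL) return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;                  /* not live: this is a double free */
}

/* Decoded structure standing in for an ASN.1 output type. */
typedef struct { int tag; } decoded_t;
typedef int (*decoder_fn)(const unsigned char *, size_t, decoded_t **);

/* Pre-fix convention: allocate, and on a malformed encoding free the
 * allocation but leave *out pointing at the freed block. */
int decode_frees_but_does_not_null(const unsigned char *enc, size_t len,
                                   decoded_t **out)
{
    *out = tracked_malloc(sizeof **out);
    if (*out == NULL) return -1;
    if (len < 1 || enc[0] != 0x30) { /* constructed stand-in for a decode error */
        tracked_free(*out);          /* freed ... */
        return -2;                   /* ... but *out still non-NULL */
    }
    (*out)->tag = enc[0];
    return 0;
}

/* Fixed convention: on error the decoder also nulls the caller's pointer. */
int decode_nulls_on_error(const unsigned char *enc, size_t len, decoded_t **out)
{
    *out = tracked_malloc(sizeof **out);
    if (*out == NULL) return -1;
    if (len < 1 || enc[0] != 0x30) {
        tracked_free(*out);
        *out = NULL;                 /* caller's cleanup now sees NULL */
        return -2;
    }
    (*out)->tag = enc[0];
    return 0;
}

/* Caller with the cleanup pattern the advisory describes: free whatever
 * output pointer is non-NULL. Returns the number of double frees counted. */
int run_caller(decoder_fn decode, const unsigned char *enc, size_t len)
{
    decoded_t *d = NULL;
    double_frees = 0;
    (void)decode(enc, len, &d);      /* error or not, fall through to cleanup */
    if (d != NULL)
        tracked_free(d);
    return double_frees;
}

/* Replays one caller run on constructed input: malformed_input selects a
 * rejected tag (0x31) instead of the accepted one (0x30). */
int demo_double_free_count(int fixed_decoder, int malformed_input)
{
    static const unsigned char good[] = { 0x30 };
    static const unsigned char bad[]  = { 0x31 };
    decoder_fn fn = fixed_decoder ? decode_nulls_on_error
                                  : decode_frees_but_does_not_null;
    return malformed_input ? run_caller(fn, bad, sizeof bad)
                           : run_caller(fn, good, sizeof good);
}
```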
Implementations of krb5_rd_cred() prior to the krb5-1.3.2 release contained code to explicitly free the buffer returned by the ASN.1 decoder function decode_krb5_enc_cred_part() when the decoder returns an error. This is another double-free, since the decoder would itself free the buffer on error. Since decode_krb5_enc_cred_part() does not get called unless the decryption of the encrypted part of the KRB-CRED is successful, the attacker needs to have authenticated. This code was corrected in the krb5-1.3.2 release.

The patch (introduced in krb5-1.2.8 and present in all subsequent releases) for disabling krb4 cross-realm authentication in krb524d introduced a double-free vulnerability. If handle_classic_v4() denies the conversion of a cross-realm ticket, v5tkt->enc_part2 gets freed but not nulled, so do_connection() double-frees many things when it subsequently calls krb5_free_ticket().

REVISION HISTORY
================

2004-08-31 original release

Copyright (C) 2004 Massachusetts Institute of Technology

From tlyu@MIT.EDU Tue Aug 31 14:30:15 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Tue, 31 Aug 2004 14:30:03 -0400
Subject: MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service

MIT krb5 Security Advisory 2004-003

Original release: 2004-08-31

Topic: ASN.1 decoder denial of service

Severity: serious

SUMMARY
=======

The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.

IMPACT
======

* An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop. [CAN-2004-0644]

* An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop. [CAN-2004-0644]

AFFECTED SOFTWARE
=================

* KDC software and applications from MIT Kerberos 5 releases krb5-1.2.2 through krb5-1.3.4.

* Applications using the MIT krb5 libraries from the above releases.

FIXES
=====

* The upcoming krb5-1.3.5 release will contain fixes for these problems.

* Apply the appropriate patch referenced below, and rebuild the software.

Patches available:

* Patch against krb5-1.3.4 (should apply to earlier krb5-1.3.x releases)

* Patch against krb5-1.2.8 (should apply to releases krb5-1.2.2 through krb5-1.2.7 as well)

PATCH AGAINST krb5-1.3.4
========================

* This patch was generated against krb5-1.3.4; it may apply, with some offset, to earlier krb5-1.3.x releases.
This patch may also be found at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt.asc

Index: src/lib/krb5/asn.1/asn1buf.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v retrieving revision 5.24 *** src/lib/krb5/asn.1/asn1buf.c 12 Mar 2003 04:33:30 -0000 5.24 - --- src/lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:43:47 -0000 *************** *** 122,127 **** - --- 122,129 ---- return ASN1_OVERRUN; } while (nestlevel > 0) { + if (buf->bound - buf->next + 1 <= 0) + return ASN1_OVERRUN; retval = asn1_get_tag_2(buf, &t); if (retval) return retval; if (!t.indef) {

PATCH AGAINST krb5-1.2.8
========================

* This patch was generated against krb5-1.2.8; it may apply, with some offset, to releases krb5-1.2.2 through krb5-1.2.7. You are strongly encouraged to update to a release from the krb5-1.3.x series.
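Review bot: the guard `if (buf->bound - buf->next + 1 <= 0) return ASN1_OVERRUN;` in the krb5-1.3.4 hunk above relies on `bound` addressing the last valid octet rather than one past it (hence the `+ 1`), and a comment stating that invariant beside the check would protect against a later off-by-one; placing it at the top of the `while (nestlevel > 0)` loop, ahead of `asn1_get_tag_2`, is what stops the loop once the sub-buffer is exhausted instead of iterating on a placeholder tag. The krb5-1.2.8 hunk below adds the identical guard ahead of `asn1_get_tag_indef`, and the same comment applies there.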
This patch may also be found at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.2.8.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.2.8.txt.asc

Index: src/lib/krb5/asn.1/asn1buf.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v retrieving revision 5.19.2.1 diff -c -r5.19.2.1 asn1buf.c *** src/lib/krb5/asn.1/asn1buf.c 31 Jan 2001 18:00:12 -0000 5.19.2.1 - --- src/lib/krb5/asn.1/asn1buf.c 23 Aug 2004 03:54:50 -0000 *************** *** 140,145 **** - --- 140,147 ---- return ASN1_OVERRUN; } while (nestlevel > 0) { + if (buf->bound - buf->next + 1 <= 0) + return ASN1_OVERRUN; retval = asn1_get_tag_indef(buf, &class, &construction, &tagnum, &taglen, &tagindef); if (retval) return retval;

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CERT VU#550464

http://www.kb.cert.org/vuls/id/550464

CVE CAN-2004-0644

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644

ASN.1 decoder bug in MIT Kerberos 5 releases krb5-1.2.2 through krb5-1.3.4 allows unauthenticated remote attackers to induce infinite loop, causing denial of service, including in KDC code

ACKNOWLEDGMENTS
===============

Thanks to Will Fiveash and Nico Williams at Sun for finding this vulnerability.

DETAILS
=======

The ASN.1 decoder in the MIT krb5 library handles indefinite-length BER encodings for the purpose of backwards compatibility with some non-conformant implementations. The ASN.1 decoders call asn1buf_sync() to skip any trailing unrecognized fields in the encoding of a SEQUENCE type. asn1buf_sync() calls asn1buf_skiptail() if the ASN.1 SEQUENCE type being decoded was encoded with an indefinite length.
asn1buf_sync() is provided with a prefetched BER tag; a placeholder tag is provided by the prefetching code in the case where there are no more octets in a sub-encoding. The loop in asn1buf_skiptail() which attempts to skip trailing sub-encodings of an indefinite-length SEQUENCE type does not properly check for end-of-subbuffer conditions or for the placeholder tag, leading to an infinite loop. Valid BER encodings cannot cause this condition; however, it is trivial to construct a corrupt encoding which will trigger the infinite loop.

REVISION HISTORY
================

2004-08-31 original release

Copyright (C) 2004 Massachusetts Institute of Technology
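An added C model (not the krb5 decoder) of the asn1buf_skiptail() loop described above: skiptail() with guard == 0 reproduces the pre-patch control flow against a tag reader that hands back a placeholder when the sub-buffer is exhausted, and with guard == 1 carries the bound check from the patches above. The sample encodings are constructed, and ASN1_LOOPED is a sentinel this model returns after a bounded number of iterations so the unguarded case can be observed without hanging.

```c
#include <stddef.h>

#define ASN1_OK       0
#define ASN1_OVERRUN  1
#define ASN1_BAD_LEN  2
#define ASN1_LOOPED   3   /* constructed sentinel: the loop did not terminate */

typedef struct {
    const unsigned char *next;   /* next octet to read */
    const unsigned char *bound;  /* LAST valid octet, so remaining = bound - next + 1 */
} asn1buf;

typedef struct { int eoc; int indef; size_t length; } taginfo;

/* Minimal tag+length reader: one-byte identifiers, short-form lengths or the
 * 0x80 indefinite marker. Like the prefetching code the advisory describes,
 * it returns a placeholder (all zero) rather than an error when no octets
 * remain; a tag with a missing length octet is a real overrun. */
static int get_tag(asn1buf *buf, taginfo *t)
{
    t->eoc = 0; t->indef = 0; t->length = 0;
    if (buf->bound - buf->next + 1 <= 0)
        return ASN1_OK;                          /* placeholder tag */
    unsigned char id = *buf->next++;
    if (buf->bound - buf->next + 1 <= 0)
        return ASN1_OVERRUN;                     /* identifier without length */
    unsigned char len = *buf->next++;
    if (id == 0x00 && len == 0x00) { t->eoc = 1; return ASN1_OK; }
    if (len == 0x80) { t->indef = 1; return ASN1_OK; }
    if (len & 0x80) return ASN1_BAD_LEN;         /* long form not modelled */
    t->length = len;
    return ASN1_OK;
}

/* Skip the remainder of an indefinite-length constructed value by consuming
 * nested encodings until the matching end-of-contents octets. */
int skiptail(asn1buf *buf, int guard)
{
    int nestlevel = 1;
    unsigned long iterations = 0;
    while (nestlevel > 0) {
        if (guard && buf->bound - buf->next + 1 <= 0)
            return ASN1_OVERRUN;                 /* the check the patch adds */
        if (++iterations > 1000)
            return ASN1_LOOPED;                  /* sentinel instead of a hang */
        taginfo t;
        int retval = get_tag(buf, &t);
        if (retval) return retval;
        if (t.eoc)   { nestlevel--; continue; }
        if (t.indef) { nestlevel++; continue; }
        if (t.length > (size_t)(buf->bound - buf->next + 1))
            return ASN1_OVERRUN;                 /* definite length past the end */
        buf->next += t.length;
    }
    return ASN1_OK;
}

/* Wraps a byte array as an asn1buf positioned just after the outer
 * SEQUENCE's tag and indefinite-length octets. */
int skiptail_bytes(const unsigned char *data, size_t len, int guard)
{
    if (len == 0) return ASN1_OVERRUN;
    asn1buf buf = { data, data + len - 1 };
    return skiptail(&buf, guard);
}

/* Constructed sample: INTEGER 5, then a nested indefinite SEQUENCE whose
 * end-of-contents octets (and the outer ones) are missing. */
int demo_truncated(int guard)
{
    static const unsigned char enc[] = { 0x02, 0x01, 0x05, 0x30, 0x80 };
    return skiptail_bytes(enc, sizeof enc, guard);
}

/* Constructed sample: INTEGER 5, nested indefinite SEQUENCE { INTEGER 7 }
 * closed by its end-of-contents octets, then the outer end-of-contents. */
int demo_valid(int guard)
{
    static const unsigned char enc[] = { 0x02, 0x01, 0x05, 0x30, 0x80,
                                         0x02, 0x01, 0x07, 0x00, 0x00,
                                         0x00, 0x00 };
    return skiptail_bytes(enc, sizeof enc, guard);
}
```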
From: Tom Yu
Date: Fri, 10 Sep 2004 17:46:17 -0400
Subject: krb5-1.3.5 is released

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.3.5. Please see below for a list of some major changes since krb5-1.3.4, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.3.5
===================================

You may retrieve the Kerberos 5 Release 1.3.5 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.3.5 release is:

http://web.mit.edu/kerberos/krb5-1.3/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES SINCE RELEASE 1.3.4
=================================

* [2682] Fix ftpd hang caused by empty PASS command.

* [2686] Fix double-free errors. [MITKRB5-SA-2004-002]

* [2687] Fix denial-of-service vulnerability in ASN.1 decoder.
  [MITKRB5-SA-2004-003]

From tlyu@MIT.EDU Fri Sep 17 15:38:30 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Fri, 17 Sep 2004 15:38:22 -0400
Subject: MIT Kerberos for Windows 2.6.5 is released

The MIT Kerberos Team announces the availability of MIT Kerberos for Windows 2.6.5. The distribution packages and Release Notes are available from the download link on the MIT Kerberos distribution page,

http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is

http://web.mit.edu/kerberos/

Summary of changes since KfW 2.6.4:

* Correct incompatibility between Kerberos 5 MSLSA krb5_ccache and Windows 2000 (introduced in 2.6.4)

* Kerberos 5 library updated to release 1.3.5.

* Add a new MSI based installation option for organizations which need to distribute KFW via group policy.
From tlyu@MIT.EDU Mon Dec 20 17:57:34 2004
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Mon, 20 Dec 2004 17:56:34 -0500
Subject: MITKRB5-SA-2004-004: heap overflow in libkadm5srv

MIT krb5 Security Advisory 2004-004

Original release: 2004-12-20

Topic: heap buffer overflow in libkadm5srv

Severity: serious

SUMMARY
=======

The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host. The overflow occurs during a password change of a principal with a certain password history state. An administrator must have performed a certain password policy change in order to create the vulnerable state. (See MITIGATING FACTORS below.)

No exploits are known to exist at this time, though a public discussion of the bug took place during the first weeks of December 2004, containing sufficient detail that someone could infer how to perform an attack. Exploitation of this vulnerability is believed to be difficult, due to the limited extent of the overflow.

IMPACT
======

An authenticated user, not necessarily one with administrative privileges, could execute arbitrary code on the KDC host, compromising an entire Kerberos realm.
[CAN-2004-1189]

MITIGATING FACTORS
==================

* Typically, only a principal satisfying the following conditions can trigger the buffer overflow upon password change:

  + have changed its password fewer times than the history count in its password policy

  + had its password policy's history count subsequently reduced to equal the number of times it has changed its password

* There are other means of producing the vulnerable state, though they are significantly more complex and much less likely. All of these other methods involve a reduction of the password history count in a password policy.

* A workaround exists (see FIXES).

AFFECTED SOFTWARE
=================

* KDC software on all releases of MIT krb5, up to and including krb5-1.3.5. The vulnerable library is libkadm5srv. Programs which use the vulnerable functionality of the library include:

  + kadmind (administration daemon)

  + kadmin.local (KDC-local administration client)

  + kadmind4 (krb4 compatibility administration daemon)

FIXES
=====

* WORKAROUND: Until your KDC programs and libraries have been patched, do not decrease the password history count on any policy in your Kerberos realm. Also, if you have already decreased the password history count on a policy at some point in the past, you should raise it to the maximum value that it has had in the past.

* The upcoming krb5-1.4 release (currently in beta test) will contain fixes for this problem. The krb5-1.4-beta3 release contains fixes for this problem.

* The upcoming krb5-1.3.6 patch release contains fixes for this problem.

* Apply the following patch to src/lib/kadm5/srv/svr_principal.c, and recompile the affected libraries and binaries. This patch was generated against krb5-1.3.5, and may apply, with some offset, to earlier releases.
This patch may also be found at:

http://web.mit.edu/kerberos/advisories/2004-004-patch_1.3.5.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-004-patch_1.3.5.txt.asc

Index: svr_principal.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/kadm5/srv/svr_principal.c,v retrieving revision 1.26.2.1 diff -c -r1.26.2.1 svr_principal.c *** svr_principal.c 2 Sep 2003 18:58:56 -0000 1.26.2.1 - --- svr_principal.c 20 Dec 2004 19:47:29 -0000 *************** *** 1017,1022 **** - --- 1017,1025 ---- memset(&adb->old_keys[adb->old_key_len],0,sizeof(osa_pw_hist_ent)); adb->old_key_len++; + for (i = adb->old_key_len - 1; i > adb->old_key_next; i--) + adb->old_keys[i] = adb->old_keys[i - 1]; + memset(&adb->old_keys[adb->old_key_next],0,sizeof(osa_pw_hist_ent)); } else if (adb->old_key_len > pol->pw_history_num-1) { /* * The policy must have changed! Shrink the array. *************** *** 1039,1048 **** histp[i] = adb->old_keys[j]; } /* Now free the ones we don't keep (the oldest ones) */ ! for (i = 0; i < adb->old_key_len - (pol->pw_history_num - 1); i++) for (j = 0; j < adb->old_keys[KADM_MOD(i)].n_key_data; j++) krb5_free_key_data_contents(context, &adb->old_keys[KADM_MOD(i)].key_data[j]); free((void *)adb->old_keys); adb->old_keys = histp; adb->old_key_len = pol->pw_history_num - 1; - --- 1042,1053 ---- histp[i] = adb->old_keys[j]; } /* Now free the ones we don't keep (the oldest ones) */ !
for (i = 0; i < adb->old_key_len - (pol->pw_history_num-1); i++) { for (j = 0; j < adb->old_keys[KADM_MOD(i)].n_key_data; j++) krb5_free_key_data_contents(context, &adb->old_keys[KADM_MOD(i)].key_data[j]); + free(adb->old_keys[KADM_MOD(i)].key_data); + } free((void *)adb->old_keys); adb->old_keys = histp; adb->old_key_len = pol->pw_history_num - 1; *************** *** 1052,1061 **** - --- 1057,1070 ---- } } + if (adb->old_key_next + 1 > adb->old_key_len) + adb->old_key_next = 0; + /* free the old pw history entry if it contains data */ histp = &adb->old_keys[adb->old_key_next]; for (i = 0; i < histp->n_key_data; i++) krb5_free_key_data_contents(context, &histp->key_data[i]); + free(histp->key_data); /* store the new entry */ adb->old_keys[adb->old_key_next] = *pw;

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CERT VU#948033:

http://www.kb.cert.org/vuls/id/948033

CVE CAN-2004-1189:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189

Administration library in MIT Kerberos 5 release krb5-1.3.5 and earlier has a heap buffer overflow in code which handles password history, possibly allowing authenticated attackers to execute arbitrary code on a KDC host.

ACKNOWLEDGMENTS
===============

Thanks to Michael Tautschnig for reporting this problem. Thanks to Chaskiel Grundman and Luke Howard for providing debugging help on the mailing list.

DETAILS
=======

The vulnerable function is add_to_history() in src/lib/kadm5/srv/svr_principal.c. The password history is stored as a ring buffer, represented as an array of osa_pw_ent_rec, which is adb->old_keys. The "next" pointer is an index into the array, adb->old_key_next, and the length of the array is stored in adb->old_key_len. The array is dynamically resized as needed, and there is no separate head pointer.
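Review bot: in the 1017,1025 hunk of the svr_principal.c patch above, the shift loop `for (i = adb->old_key_len - 1; i > adb->old_key_next; i--)` copies whole `osa_pw_hist_ent` entries, `key_data` pointers included, and then zeroes the slot at `old_key_next`; that is safe only because the vacated slot is overwritten before anything frees it, so a one-line comment that the cleared slot owns no key data would stop a future cleanup loop from freeing aliased pointers.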
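Review bot: the 1042,1053 hunk adds `free(adb->old_keys[KADM_MOD(i)].key_data);` together with the braces that make it run once per discarded entry; this fixes a leak of each entry's key_data array when the history shrinks, a separate defect from the overflow that deserves its own changelog line. The loop bound `adb->old_key_len - (pol->pw_history_num-1)` is signed arithmetic, so there is no unsigned wrap to worry about as long as both fields stay int.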
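Review bot: the wrap `if (adb->old_key_next + 1 > adb->old_key_len) adb->old_key_next = 0;` in the 1057,1070 hunk is the overflow fix itself and reads more naturally as `old_key_next >= old_key_len`; it should carry a comment explaining that a lowered history count can skip both resize branches above and leave `old_key_next` one past the array. The added `free(histp->key_data)` after the `krb5_free_key_data_contents` loop assumes key_data is allocated separately from the entry, which the `*pw` struct copy on the following line preserves for the new entry.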
The policy's history count is stored in pol->pw_hist_num, but the actual maximum number of keys stored in adb->old_keys is pol->pw_hist_num-1, since the "current" key data are also used for history comparisons when a password change occurs.

The index value adb->old_key_next is permitted to index to a position one past the end of the array adb->old_keys if adb->old_key_next is less than pol->pw_hist_num-1. This out-of-bounds indexing is usually fixed up when add_to_history() enlarges the array on a subsequent call. If pol->pw_hist_num is reduced to adb->old_key_next after a password change that causes adb->old_key_next to index out of bounds, a subsequent password change will not run the resizing code, and add_to_history() will write a password history entry past the end of the array adb->old_keys.

REVISION HISTORY
================

2004-12-20 original release

Copyright (C) 2004 Massachusetts Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQcdAH6bDgE/zdoE9AQEWogQAy7vS1GLO5gG/uX9rm15NUQEO5K07NaMu
MdwZhITIR0tg5aIR2eecon1ahgdDFrZELnZ3G/+ArhLqH+yvmskmOLZGmRHQ9Q0l
mMf4DbOWMQZgGNmbvTTAzg0GAuVYdw2+5acP7maj61O0nV9mQIOdeM7Y0HFj46QL
EVf4jR0OsJY=
=ZAwT
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Mon Dec 20 18:06:04 2004
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by mailman.mit.edu (8.12.8p2/8.12.8) with ESMTP id iBKN64YR015282 for ; Mon, 20 Dec 2004 18:06:04 -0500
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96])iBKN54x6023056 for ; Mon, 20 Dec 2004 18:05:04 -0500 (EST)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id iBKN54J0011542; Mon, 20 Dec 2004 18:05:04 -0500 (EST)
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Mon, 20 Dec 2004 18:05:01 -0500
Message-ID:
Lines: 27
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -4.9
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Mon, 20 Dec 2004 18:06:15 -0500
Subject: krb5-1.3.6 is released
X-BeenThere: kerberos-announce@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: kerberos@mit.edu
List-Id: Kerberos announcements (moderated)
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 20 Dec 2004 23:06:04 -0000

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.3.6. Please see below for a list of some major changes since krb5-1.3.5, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.3.6
===================================

You may retrieve the Kerberos 5 Release 1.3.6 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.3.6 release is:

http://web.mit.edu/kerberos/krb5-1.3/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES SINCE RELEASE 1.3.5
=================================

* [2841] Fix heap buffer overflow in password history mechanism.
  [MITKRB5-SA-2004-004]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQcdaoKbDgE/zdoE9AQH+BgP9GYzCa8zviN3Dp0c/tpL5t/oZoASCe4pO
iUqhrUpuX2JDjabOjK8l5iA/oem8yNe9KfXIPXJACdbpOFs8bGSB2EZ+D/n3Cb3i
BoKQUh0yU9iXif+7J1FQtezIkXmSfC0r1RD10TapvXIzjO0tjqO9RAOP4yl1ugVU
7HhaRyZHkMI=
=VtDx
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Thu Jan 27 18:44:17 2005
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j0RNiHh7026949 for ; Thu, 27 Jan 2005 18:44:17 -0500
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96])j0RNiEUg028570 for ; Thu, 27 Jan 2005 18:44:14 -0500 (EST)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id j0RNiDv3026354; Thu, 27 Jan 2005 18:44:13 -0500 (EST)
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Thu, 27 Jan 2005 18:44:09 -0500
Message-ID:
Lines: 127
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -4.9
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Thu, 27 Jan 2005 18:46:38 -0500
Subject: krb5-1.4 is released
X-BeenThere: kerberos-announce@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: kerberos@mit.edu
List-Id: Kerberos announcements (moderated)
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 27 Jan 2005 23:44:17 -0000

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.4. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.4
=================================

You may retrieve the Kerberos 5 Release 1.4 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.4 release is:

http://web.mit.edu/kerberos/krb5-1.4/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

IMPORTANT NOTICE REGARDING KERBEROS 4 SUPPORT
=============================================

In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol.
The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] its intention to withdraw the specification of DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos.

Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos.

The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the KDC support for version 4 of the Kerberos protocol is disabled by default. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled by default in the KDC), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos, possibly as early as the 1.5 release of MIT Kerberos.

The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end.
We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement.

If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing list.

References

[1] National Institute of Standards and Technology. Announcing Proposed Withdrawal of Federal Information Processing Standard (FIPS) for the Data Encryption Standard (DES) and Request for Comments. Federal Register 04-16894, 69 FR 44509-44510, 26 July 2004. DOCID:fr26jy04-31.

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

======================================================================

MAJOR CHANGES
=============

* Fix heap buffer overflow in password history mechanism. [MITKRB5-SA-2004-004]

* Add implementation of the RPCSEC_GSS authentication flavor to the RPC library. Thanks to Kevin Coffman and the CITI group at the University of Michigan.

* Thread safety for krb5 libraries.

* Merged Athena telnetd changes for creating a new option for requiring encryption.

* The kadmind4 backwards-compatibility admin server and the v5passwdd backwards-compatibility password-changing server have been removed.

* Yarrow code now uses AES.

* New client commands kcpytkt and kdeltkt for Windows.

* New command mit2ms on Windows.

* Merged Athena changes to allow ftpd to require encrypted passwords.

* Incorporate gss_krb5_set_allowable_enctypes() and gss_krb5_export_lucid_sec_context(), which are needed for NFSv4, from Kevin Coffman.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQfl8zKbDgE/zdoE9AQH9PwP9Gcl80wn3krh/U4kwDHIjYd4x7ef+inCa
BpD7a3/QwraSc9OTpEMkwqlcYaMNQ0+ISpOOtFdywKhXzen5qeXsZqehMsMbXXGV
Iu7YmbNtJ88U2zLJM3NOyDqwEj5pVNsjPIFxQC7IqsieaKVMBI6c/Au0f4E2MR4M
t0MvH53Kpns=
=aYzP
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Mon Mar 28 18:16:05 2005
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j2SNG5h7025750 for ; Mon, 28 Mar 2005 18:16:05 -0500
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) j2SNG4HL013604 for ; Mon, 28 Mar 2005 18:16:04 -0500 (EST)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.12.4/8.12.4) with ESMTP id j2SNFv0b008884 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Mon, 28 Mar 2005 18:15:58 -0500 (EST)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id j2SNFu5F005088; Mon, 28 Mar 2005 18:15:56 -0500 (EST)
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Mon, 28 Mar 2005 18:15:56 -0500
Message-ID:
Lines: 117
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -4.9
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Mon, 28 Mar 2005 18:16:30 -0500
Subject: MITKRB5-SA-2005-001: buffer overflows in telnet client
X-BeenThere: kerberos-announce@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: kerberos@mit.edu
List-Id: Kerberos announcements (moderated)
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 28 Mar 2005 23:16:05 -0000

-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2005-001

Original release: 2005-03-28

Topic: Buffer overflows in telnet client

Severity: serious

SUMMARY
=======

The telnet client program supplied with MIT Kerberos 5 has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.

IMPACT
======

An attacker controlling or impersonating a telnet server may execute arbitrary code with the privileges of the user running the telnet client. The attacker would need to convince the user to connect to a malicious server, perhaps by automatically launching the client from a web page. Additional user interaction may not be required if the attacker can get the user to view HTML containing an IFRAME tag containing a "telnet:" URL pointing to a malicious server.

AFFECTED SOFTWARE
=================

* telnet client programs included with the MIT Kerberos 5 implementation, up to and including release krb5-1.4.

* Other telnet client programs derived from the BSD telnet implementation may be vulnerable.

FIXES
=====

* WORKAROUND: Disable handling of "telnet:" URLs in web browsers, email readers, etc., or remove execute permissions from the telnet client program.

* The upcoming krb5-1.4.1 patch release will contain fixes for this problem.
* Apply the patch found at:

  http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt

  The associated detached PGP signature is at:

  http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt.asc

  The patch was generated against the krb5-1.4 release. It may apply against earlier releases with some offset.

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

[IDEF0866] Multiple Telnet Client slc_add_reply() Buffer Overflow
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
CVE: CAN-2005-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469

[IDEF0867] Multiple Telnet Client env_opt_add() Buffer Overflow
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
CVE: CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468

ACKNOWLEDGMENTS
===============

Thanks to iDEFENSE for notifying us of these vulnerabilities, and for providing useful feedback.

DETAILS
=======

The slc_add_reply() function in telnet.c performs inadequate length checking. By sending a carefully crafted telnet LINEMODE suboption string, a malicious telnet server may cause a telnet client to overflow a fixed-size data segment or BSS buffer and execute arbitrary code.

The env_opt_add() function in telnet.c performs inadequate length checking. By sending a carefully crafted telnet NEW-ENVIRON suboption string, a malicious telnet server may cause a telnet client to overflow a heap buffer and execute arbitrary code.
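As an added example, not the telnet client's code, the following shows the length check that a suboption-reply builder needs when the data it copies comes from the server. The buffer layout, the function names and the `tail` reservation are assumptions made for the example; the byte values follow RFC 854, where IAC (255) inside suboption data is sent as IAC IAC, so one input byte can occupy two output bytes and a check on the raw input length alone is not enough.

```c
#include <stddef.h>

#define IAC 255     /* RFC 854 "interpret as command" */
#define SB  250     /* begin suboption */
#define SE  240     /* end suboption */

struct reply_buf {
    unsigned char *data;
    size_t cap;     /* bytes available in data */
    size_t len;     /* bytes used so far */
};

/* Output bytes that n input bytes need once every IAC is doubled. */
size_t escaped_len(const unsigned char *src, size_t n)
{
    size_t out = n, i;
    for (i = 0; i < n; i++)
        if (src[i] == IAC) out++;
    return out;
}

/* Append src with IAC doubling. Returns 1 on success; 0, leaving the buffer
   untouched, if the escaped data plus `tail` reserved bytes would not fit.
   The comparison is against the escaped length, which is the quantity an
   unchecked append of server-supplied data gets wrong. */
int reply_append(struct reply_buf *rb, const unsigned char *src, size_t n,
                 size_t tail)
{
    size_t need = escaped_len(src, n), i;
    if (rb->len > rb->cap) return 0;
    if (need > rb->cap - rb->len) return 0;
    if (tail > rb->cap - rb->len - need) return 0;
    for (i = 0; i < n; i++) {
        rb->data[rb->len++] = src[i];
        if (src[i] == IAC) rb->data[rb->len++] = IAC;
    }
    return 1;
}

/* Build IAC SB <opt> <escaped payload> IAC SE into out[0..cap). Returns the
   reply length, or -1 if the payload does not fit, in which case the client
   should drop the option rather than truncate or overflow. */
long build_suboption_reply(unsigned char opt, const unsigned char *payload,
                           size_t n, unsigned char *out, size_t cap)
{
    struct reply_buf rb;
    if (cap < 5) return -1;            /* header and trailer alone need 5 */
    out[0] = IAC; out[1] = SB; out[2] = opt;
    rb.data = out; rb.cap = cap; rb.len = 3;
    if (!reply_append(&rb, payload, n, 2)) return -1;   /* keep room for IAC SE */
    out[rb.len++] = IAC;
    out[rb.len++] = SE;
    return (long)rb.len;
}

/* Constructed payloads: a benign one and one made entirely of IAC bytes,
   which doubles in size on the wire. */
const unsigned char benign_payload[3] = { 1, 2, 3 };
const unsigned char iac_payload[4] = { IAC, IAC, IAC, IAC };

/* Run the builder against a 64-byte scratch buffer, pretending it is only
   `cap` bytes long, to show accept/reject decisions at different sizes. */
long demo_reply(const unsigned char *payload, size_t n, size_t cap)
{
    static unsigned char scratch[64];
    if (cap > sizeof scratch) cap = sizeof scratch;
    return build_suboption_reply(34 /* LINEMODE */, payload, n, scratch, cap);
}
```

With a 12-byte buffer the four IAC bytes are rejected, because they need 8 bytes after escaping plus 5 for framing; with 13 bytes the same payload is accepted and fills the buffer exactly. A fixed-size BSS buffer and a heap buffer need the same check; only where `cap` comes from differs.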
REVISION HISTORY
================

2005-03-28 original release

Copyright (C) 2005 Massachusetts Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQkiLWqbDgE/zdoE9AQFSsgQAua79YPzliPsWCnWTBWNkk9DZnME4RYNu
lmBkFlM2u/zaEAKQaml8QJ8k3TQ5WB0GztqSOEIWuG5ZahyOZQefrGCCHuD2JKFZ
g4q6PNM7dvbUCBB9HcR+GHlgr+01ofMjVuhhZ8Rj0icqCs5MojP5+0VSqr94w1zv
MS06L8DXn00=
=LT9x
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Fri Apr 22 17:39:26 2005
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j3MLdQh7026389 for ; Fri, 22 Apr 2005 17:39:26 -0400
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) j3MLdPUP003385 for ; Fri, 22 Apr 2005 17:39:25 -0400 (EDT)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.12.4/8.12.4) with ESMTP id j3MLdIq5019211 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Fri, 22 Apr 2005 17:39:18 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id j3MLdIh0002256; Fri, 22 Apr 2005 17:39:18 -0400 (EDT)
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Fri, 22 Apr 2005 17:39:13 -0400
Message-ID:
Lines: 32
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -4.9
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Fri, 22 Apr 2005 17:40:24 -0400
Subject: krb5-1.4.1 is released
X-BeenThere: kerberos-announce@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: kerberos@mit.edu
List-Id: Kerberos announcements (moderated)
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 22 Apr 2005 21:39:26 -0000

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.4.1. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.4.1
===================================

You may retrieve the Kerberos 5 Release 1.4.1 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.4.1 release is:

http://web.mit.edu/kerberos/krb5-1.4/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* The kadmin client library now performs authentication flavor fallback in a useful way when attempting to contact a pre-1.4 kadmin daemon.

* Fix telnet client buffer overflow vulnerabilities.
  [MITKRB5-SA-2005-001]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQmlvBabDgE/zdoE9AQHMrAQAxttlyltGvwbQtM3w/9o3QQlwkPtMxz6N
IPKv2P0Wok5mqvY7Xbdw5piBvnCUuWyU6WFSLJ7pBBl7RWGEsDjKUTk6bR5UwWga
OcsKe98/J2nT+MPxRse50MVk2EiqBRMRm2e5kclJF6kB+hy6mh6+h/DrqvbZPQFO
gQM65jWY9Ag=
=Kqav
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue Jul 12 13:57:48 2005
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j6CHvmWn005871 for ; Tue, 12 Jul 2005 13:57:48 -0400
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) j6CHvtSW026853 for ; Tue, 12 Jul 2005 13:57:55 -0400 (EDT)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.1/8.12.4) with ESMTP id j6CHvj4C020534 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Tue, 12 Jul 2005 13:57:45 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id j6CHvjio017120; Tue, 12 Jul 2005 13:57:45 -0400 (EDT)
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Tue, 12 Jul 2005 13:57:45 -0400
Message-ID:
Lines: 176
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 1.041
X-Spam-Level: * (1.041)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Tue, 12 Jul 2005 13:59:41 -0400
Subject: MITKRB5-SA-2005-002: buffer overflow, heap corruption in KDC
X-BeenThere: kerberos-announce@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: kerberos@mit.edu
List-Id: Kerberos announcements (moderated)
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 12 Jul 2005 17:57:49 -0000

-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2005-002

Original release: 2005-07-12

Topic: buffer overflow, heap corruption in KDC

Severity: CRITICAL

SUMMARY
=======

The MIT krb5 Key Distribution Center (KDC) implementation can corrupt the heap by attempting to free memory at a random address when it receives a certain unlikely (but valid) request via a TCP connection. This attempt to free unallocated memory can result in a KDC crash and consequent denial of service. [CAN-2005-1174, VU#259798]

Additionally, the same request, when received by the KDC via either TCP or UDP, can trigger a bug in the krb5 library which results in a single-byte overflow of a heap buffer. Application servers are vulnerable to a highly improbable attack, provided that the attacker controls a realm sharing a cross-realm key with the target realm. [CAN-2005-1175, VU#885830]

An unauthenticated attacker may be able to use these vulnerabilities to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of these vulnerabilities is believed to be difficult.

IMPACT
======

An unauthenticated attacker may be able to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm.
An unsuccessful attack against the heap corruption vulnerability may result in a denial of service by crashing the KDC process.

AFFECTED SOFTWARE
=================

* [CAN-2005-1174] affects the KDC implementation in all MIT krb5 releases supporting TCP client connections to the KDC. This includes krb5-1.3 and later releases, up to and including krb5-1.4.1.

* [CAN-2005-1175] affects KDC implementations and application servers in all MIT krb5 releases, up to and including krb5-1.4.1. Third-party application servers which use MIT krb5 are also affected.

FIXES
=====

* The upcoming krb5-1.4.2 release will have fixes for these vulnerabilities.

* WORKAROUNDS: Disabling TCP support in the KDC avoids one vulnerability [CAN-2005-1174]. The single-byte overflow [CAN-2005-1175] is still possible even without KDC TCP support enabled. Running the KDC from init or from some similar automatic respawning facility may reduce the durations of denials of service, but this approach may make it difficult to detect deliberate attacks targeted at code execution.

* Apply the patch at:

  http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt

  The associated detached PGP signature is at:

  http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.asc

  The patch was generated against the krb5-1.4.1 release. It may apply, with some offset, to earlier releases. On releases prior to krb5-1.3, only the patch to lib/krb5/krb/unparse.c should be necessary.
REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CVE: CAN-2005-1174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1174

CERT: VU#259798
http://www.kb.cert.org/vuls/id/259798

CVE: CAN-2005-1175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1175

CERT: VU#885830
http://www.kb.cert.org/vuls/id/885830

ACKNOWLEDGMENTS
===============

Thanks to Daniel Wachdorf for reporting these vulnerabilities.

DETAILS
=======

Kerberos 5 principal names may have an arbitrary number of components. The krb5_unparse_name() function in the MIT krb5 library converts an internal representation of a Kerberos principal name into a human-readable string. The internal representation might have originated from the decoding of a Kerberos protocol message.

The single-byte overflow occurs whenever the krb5_unparse_name() function is called on a principal name having zero components. The function writes a null byte to an address one beyond the end of a buffer allocated by malloc().

The corresponding krb5_parse_name() function never generates an internal representation having zero components; instead, it generates at least one zero-length component. The current string representation form of Kerberos principal names has some ambiguity between a zero-component principal name and a one-component principal name having a zero-length single component.

Application servers which call krb5_unparse_name(), directly or indirectly, are vulnerable to the single-byte overflow in krb5_unparse_name(), provided that the attacker controls a realm which shares a cross-realm key with the target realm.
This enables the attacker to use a cross-realm ticket for a zero-component client principal name, which the application server will then pass to krb5_unparse_name(), triggering the single-byte overflow.

For this attack to succeed, the attacker needs access to a KDC in the target realm which will create a ticket for a zero-component client principal name. Since the current MIT krb5 KDC implementation will refuse to create such a ticket, the attack is unlikely to succeed unless the implementation has been altered to allow the issuance of tickets for zero-component client principal names.

When the KDC fails to find the principal with a zero-component name in its database (such a principal is very unlikely to exist in most databases, as there are extremely few uses for such a principal), it attempts to encode an error packet containing the offending principal name, using prepare_error_as() or prepare_error_tgs(). This encoding attempt fails inside encode_krb5_error(), since the ASN.1 encoder function asn1_encode_principal_name() interprets the internal representation of a zero-component principal name as an error condition.

encode_krb5_error() does not allocate an output buffer when it encounters an error condition. While the UDP request handling code in kdc/network.c:process_packet() does not attempt to free the output buffer containing the encoded message when it encounters an error, the TCP request handling code in process does free the buffer inside kill_tcp_connection(), which attempts to free unallocated memory pointed to by an uninitialized pointer.
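The following is an added example, not the krb5 library's code, of how a buffer-size computation for the printable form of a principal name comes up exactly one byte short for a name with zero components, and of the check that prevents it. Counting separators as `ncomp - 1` is an assumed reconstruction of the kind of arithmetic that produces a one-byte shortfall, not a quote of krb5_unparse_name(); the struct, function names and sample names are constructed for the example, and component quoting is left out.

```c
#include <stdlib.h>
#include <string.h>

struct principal {
    size_t ncomp;
    const char **comp;
    const char *realm;
};

/* Naive sizing: components joined by '/', then '@', the realm and a NUL.
   The separator count ncomp - 1 is right whenever there is at least one
   component, but for ncomp == 0 the unsigned subtraction wraps and the
   total lands one byte short of what "@REALM" plus NUL needs. */
size_t unparse_size_naive(const struct principal *p)
{
    size_t i, n = 0;
    for (i = 0; i < p->ncomp; i++) n += strlen(p->comp[i]);
    n += p->ncomp - 1;                 /* wraps when ncomp == 0 */
    n += 1 + strlen(p->realm) + 1;     /* '@', realm, NUL */
    return n;
}

/* Bytes the printable form really occupies, separators counted per gap. */
size_t unparse_size_needed(const struct principal *p)
{
    size_t i, n = 0;
    for (i = 0; i < p->ncomp; i++) n += strlen(p->comp[i]) + (i ? 1 : 0);
    return n + 1 + strlen(p->realm) + 1;
}

/* Hardened sizing: a zero-component name is rejected outright. As the
   advisory notes, krb5_parse_name() never produces one (it yields a single
   empty component instead), so no legitimate input is lost. Returns 0 to
   signal rejection. */
size_t unparse_size_checked(const struct principal *p)
{
    if (p->ncomp == 0) return 0;
    return unparse_size_needed(p);
}

/* Render into a buffer sized by the checked computation. Returns NULL for a
   rejected name or on allocation failure. */
char *unparse_name(const struct principal *p)
{
    size_t sz = unparse_size_checked(p), i, pos = 0, l;
    char *s;
    if (sz == 0 || (s = malloc(sz)) == NULL) return NULL;
    for (i = 0; i < p->ncomp; i++) {
        if (i) s[pos++] = '/';
        l = strlen(p->comp[i]);
        memcpy(s + pos, p->comp[i], l);
        pos += l;
    }
    s[pos++] = '@';
    l = strlen(p->realm);
    memcpy(s + pos, p->realm, l);
    pos += l;
    s[pos] = '\0';                     /* pos == sz - 1: inside the buffer */
    return s;
}

/* Constructed inputs: an ordinary two-component service principal and the
   zero-component name the advisory describes. */
static const char *host_comps[] = { "host", "example.com" };
const struct principal two_comp = { 2, host_comps, "EXAMPLE.ORG" };
const struct principal zero_comp = { 0, host_comps, "EXAMPLE.ORG" };

/* 1 if the naive size is smaller than the string needs, i.e. the NUL
   would land one past the end of a malloc()ed buffer of that size. */
int naive_undercounts(const struct principal *p)
{
    return unparse_size_naive(p) < unparse_size_needed(p);
}
```

For the two-component name both computations agree on 29 bytes; for the zero-component name the naive one yields 12 while "@EXAMPLE.ORG" plus its terminator needs 13, which is the single-byte heap overflow in miniature. Rejecting at the sizing step, as the checked variant does, also prevents the pointer from reaching code that assumes the allocation was large enough.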
REVISION HISTORY
================

2005-05-12 original release

Copyright (C) 2005 Massachusetts Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQtMbCabDgE/zdoE9AQFo9QP5AZMbr0YGmyzYbARTqFq+Lt+FYbfQ7XC/
c1hqTfsTkN0Mfh1I5d6dTjhXQT6kfN+EdNYfPhY+4LANB5CW9xe9BARPcW9i2ftt
xSTIODrD6LdNtOCCut1ha3T5tcV5GodvXzj7dSClde29j0IJR6dBcigfvR4mAygw
/U7r46obgM0=
=SnqK
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue Jul 12 13:58:22 2005
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j6CHwMWn005920 for ; Tue, 12 Jul 2005 13:58:22 -0400
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) j6CHwSSW027471 for ; Tue, 12 Jul 2005 13:58:28 -0400 (EDT)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.1/8.12.4) with ESMTP id j6CHwHHb020695 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Tue, 12 Jul 2005 13:58:18 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id j6CHwHRv017132; Tue, 12 Jul 2005 13:58:17 -0400 (EDT)
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Tue, 12 Jul 2005 13:58:17 -0400
Message-ID:
Lines: 136
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 1.041
X-Spam-Level: * (1.041)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Tue, 12 Jul 2005 13:59:41 -0400
Subject: MITKRB5-SA-2005-003: double-free in krb5_recvauth
X-BeenThere: kerberos-announce@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: kerberos@mit.edu
List-Id: Kerberos announcements (moderated)
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 12 Jul 2005 17:58:22 -0000

MIT krb5 Security Advisory 2005-003

Original release: 2005-07-12

Topic: double-free in krb5_recvauth

Severity: CRITICAL

SUMMARY
=======

The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code. Exploitation of this vulnerability on a Kerberos Key Distribution Center (KDC) host can result in compromise of an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of double-free vulnerabilities is believed to be difficult. [CAN-2005-1689, VU#623332]

IMPACT
======

An unauthenticated attacker may be able to execute arbitrary code in the context of a program calling krb5_recvauth(). This includes the kpropd program which typically runs on slave Key Distribution Center (KDC) hosts, potentially leading to compromise of an entire Kerberos realm. Other vulnerable programs which call krb5_recvauth() are usually remote login programs running with root privileges.

Unsuccessful attempts at exploitation may result in denial of service by crashing the target program.

AFFECTED SOFTWARE
=================

* The kpropd daemon in all releases of MIT krb5, up to and including krb5-1.4.1, is vulnerable.

* The klogind and krshd remote-login daemons in all releases of MIT krb5, up to and including krb5-1.4.1, are vulnerable.
* Third-party application programs which call krb5-recvauth() are also vulnerable. FIXES ===== * The upcoming krb5-1.4.2 release will have a fix for this vulnerability. * Apply the following patch. This patch was generated against the krb5-1.4.1 release. It may apply, with some offset, to earlier releases. The patch may also be found at: http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt The associated detached PGP signature is at: http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt.asc Index: lib/krb5/krb/recvauth.c =================================================================== RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/recvauth.c,v retrieving revision 5.38 diff -c -r5.38 recvauth.c *** lib/krb5/krb/recvauth.c 3 Sep 2002 01:13:47 -0000 5.38 --- lib/krb5/krb/recvauth.c 23 May 2005 23:19:15 -0000 *************** *** 76,82 **** if ((retval = krb5_read_message(context, fd, &inbuf))) return(retval); if (strcmp(inbuf.data, sendauth_version)) { - krb5_xfree(inbuf.data); problem = KRB5_SENDAUTH_BADAUTHVERS; } krb5_xfree(inbuf.data); --- 76,81 ---- *************** *** 90,96 **** if ((retval = krb5_read_message(context, fd, &inbuf))) return(retval); if (appl_version && strcmp(inbuf.data, appl_version)) { - krb5_xfree(inbuf.data); if (!problem) problem = KRB5_SENDAUTH_BADAPPLVERS; } --- 89,94 ---- REFERENCES ========== This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVE: CAN-2005-1689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689 CERT: VU#623332 http://www.kb.cert.org/vuls/id/623332 ACKNOWLEDGMENTS =============== Thanks to Magnus Hagander for reporting this vulnerability. 
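Review bot: in the 76,82 hunk, removing the `krb5_xfree(inbuf.data);` inside the `if (strcmp(inbuf.data, sendauth_version))` block is the right fix, because the hunk's own trailing context shows the unconditional `krb5_xfree(inbuf.data);` after the closing brace that was releasing the same buffer a second time on the mismatch path; `problem = KRB5_SENDAUTH_BADAUTHVERS;` still records the mismatch, so the error reported to callers is unchanged.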
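Review bot: the 90,96 hunk removes the early free in the `appl_version` check the same way, but its visible context stops at the closing brace, so a reader of the diff cannot see the unconditional free that the fix relies on; the DETAILS section states it is there, and one more line of trailing context (the `krb5_xfree(inbuf.data);` after the block) would make the single-free invariant visible in the patch itself rather than only in the prose.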
DETAILS
=======

The helper function recvauth_common() in lib/krb5/krb/recvauth.c has two locations which call krb5_read_message(), followed by an unconditional krb5_xfree() of the buffer allocated by krb5_read_message(). In the cases where the sendauth version string or the application version string do not match the expected value, recvauth_common() performs a krb5_xfree() on the buffer allocated by krb5_read_message() preceding the subsequent unconditional call to krb5_xfree() on the same buffer.

Since the code paths which call krb5_xfree() twice do so with almost no intervening code, exploitation of this vulnerability may be more difficult than exploitation of other double-free vulnerabilities. No detailed analysis has been performed on the ease of exploitation.

REVISION HISTORY
================

2005-05-12 original release

Copyright (C) 2005 Massachusetts Institute of Technology

From tlyu@MIT.EDU Wed Aug 10 17:24:06 2005
Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id j7ALO6Wn009448 for ; Wed, 10 Aug 2005 17:24:06 -0400
Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) j7ALOG5h001604 for ; Wed, 10 Aug 2005 17:24:17 -0400 (EDT)
Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.1/8.12.4) with ESMTP id j7ALOAq9009289 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Wed, 10 Aug 2005 17:24:10 -0400 (EDT)
Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id j7ALOAHT008291; Wed, 10 Aug 2005 17:24:10 -0400 (EDT)
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Wed, 10 Aug 2005 17:24:07 -0400
Message-ID:
Lines: 31
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 1.041
X-Spam-Level: * (1.041)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Wed, 10 Aug 2005 17:25:20 -0400
Subject: krb5-1.4.2 is released
X-BeenThere: kerberos-announce@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: kerberos@mit.edu
List-Id: Kerberos announcements (moderated)
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 10 Aug 2005 21:24:06 -0000

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.4.2. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.4.2
===================================

You may retrieve the Kerberos 5 Release 1.4.2 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.4.2 release is:

http://web.mit.edu/kerberos/krb5-1.4/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* Fix [MITKRB5-SA-2005-002] KDC double-free and heap overflow. Thanks to Daniel Wachdorf for reporting these vulnerabilities.

* Fix [MITKRB5-SA-2005-003] krb5_recvauth() double-free. Thanks to Magnus Hagander for reporting this vulnerability.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQvpweabDgE/zdoE9AQEiKAP/aDE8aK7c1gfyeUHE2DJD9ZSYJtEVmxpg
xRM8AUlo9KV04u6dHqvDFG6aFRC3iQnF4TID+Aq4sSIen7vXWTIYPjKwu5sjn2OG
8qgaLERkkgaHOfb16TYMVTmaLxvxGNlo0TiPCwtM96XS8Pu1BwAaJHvpiLBAuwER
lqpyRupZzhY=
=vR7x
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Wed Nov 16 20:24:17 2005
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Wed, 16 Nov 2005 20:24:21 -0500
Subject: krb5-1.4.3 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.4.3. This is primarily a bugfix release. Please see the README file in the source tree for a detailed list of changes.

RETRIEVING KERBEROS 5 RELEASE 1.4.3
===================================

You may retrieve the Kerberos 5 Release 1.4.3 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.4.3 release is:

http://web.mit.edu/kerberos/krb5-1.4/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQ3vbyKbDgE/zdoE9AQGdYwP9H/jFewL9cOdMuKyQC/pxsIO/sWBfra+1
DB8c7oyquns59V4nq13s9EhJ1y7vgYAMWSTHauEf6Jke+gfd0qgHqHd1Amlwq7Wa
BcIt1KQzRx1a1zvFnQ4zQJLYbmUI1skApn9t2g52nEqpqYezHJZ9cTX9vu8AJOqK
cT3JHUkNuF4=
=lIsU
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Mon Dec 5 21:39:21 2005
To: kerberos-announce@MIT.EDU
From: Tom Yu
Date: Mon, 05 Dec 2005 21:39:19 -0500
Subject: Kerberos for Windows version 3.0 is released

-----BEGIN PGP SIGNED MESSAGE-----

The MIT Kerberos Development Team is proud to announce the release of the next major revision of our Kerberos for Windows product, Version 3.0.

Version 3.0 provides several often requested new features:

* thread-safe Kerberos 5 libraries (provided by Kerberos 5 release 1.4.3)

* a replacement for the Leash Credential Manager called the Network Identity Manager

  - a visually enticing application that takes advantage of all of the modern XP style User Interface enhancements

  - supports the management of multiple Kerberos 5 identities in a variety of credential cache types including CCAPI and FILE.

  - credentials can be organized by credential cache location or by identity

  - a single identity can be marked as the default for use by applications that request the current default credential cache

  - Network Identity Manager is built upon the Khimaira Identity Management Framework introduced this past summer at the AFS & Kerberos Best Practices Conference at CMU.

  - Credential Managers for Kerberos 5 and Kerberos 4 are provided. An AFS Credential Manager will be made available by Secure Endpoints Inc. http://www.secure-endpoints.com

  - The Khimaira framework is a pluggable engine into which custom Identity Managers and Credential Managers can be added.
    Organizations interested in building plug-ins for the Network Identity Manager may contact Jeffrey Altman at either jaltman@mit.edu or jaltman@secure-endpoints.com

* a Kerberos specific WinLogon Network Provider that will use the username and password combined with the MIT Kerberos default realm in an effort to obtain credentials at session logon

Important changes since the 2.6.5 release:
==========================================

* This release requires 32-bit editions of Microsoft Windows 2000 or higher. Support for Microsoft Windows 95, 98, 98 Second Edition, ME, and NT 4.0 has been discontinued. Users of discontinued platforms should continue to use MIT Kerberos for Windows 2.6.5.

* Version 3.0 does not include any internal support for AFS. The aklog.exe utility now ships as a part of OpenAFS for Windows. The AFS credential manager for the Network Identity Manager will be shipped separately by Secure Endpoints Inc. and will be incorporated into a future release of OpenAFS.

Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:

http://web.mit.edu/kerberos/

Acknowledgments
===============

The MIT Kerberos team would like to thank Jet Propulsion Laboratory and Secure Endpoints Inc. for their support during the development of this release.

Important notice regarding Kerberos 4 support
=============================================

In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol.
The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos.

Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos.

The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos, possibly as early as the 1.5 release of MIT Kerberos.

The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality.
We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end.

We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing list.

References

[1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004.
    http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (SunOS)

iQCVAwUBQ5T52qbDgE/zdoE9AQH8PwP9F/qzDWQ76vyS/ZaKHxmKZyzas2j+RXub
2qfdEJW9GBzirHuYFA8JiwIaIQ7JQhpU/+FJUfoNTvxM7yRe+CoBRt0N/GvmChbH
HeKYbV//SdGAdyEiFv/MMlGBdmk8oYB+A/9GZRqmAeLWDBzAXCJnVKPRR5Ylr7S0
qSVKMjKn1oo=
=W62r
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Sat Jul 1 01:41:25 2006
To: kerberos-announce@MIT.EDU
Subject: krb5-1.5 is released
From: Tom Yu
Date: Sat, 01 Jul 2006 01:41:15 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.5. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.5
=================================

You may retrieve the Kerberos 5 Release 1.5 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.5 release is:

http://web.mit.edu/kerberos/krb5-1.5/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

Kerberos 5 Release 1.5 includes many significant changes to the Kerberos build system, to GSS-API, and to the Kerberos KDC and administration system. These changes build up infrastructure as part of our efforts to make Kerberos more extensible and flexible. While we are confident that these changes will improve Kerberos in the long run, significant code restructuring may introduce portability problems or change behavior in ways that break applications. It is always important to test a new version of critical security software like Kerberos before deploying it in your environment to confirm that the new version meets your environment's requirements.
Because of the significant restructuring, it is more important than usual to perform this testing and to report problems you find.

Highlights of major changes include:

* KDB abstraction layer, donated by Novell.

* plug-in architecture, allowing for extension modules to be loaded at run-time.

* multi-mechanism GSS-API implementation ("mechglue"), donated by Sun Microsystems

* Simple and Protected GSS-API negotiation mechanism ("SPNEGO") implementation, donated by Sun Microsystems

* Per-directory ChangeLog files have been deleted. Releases now include auto-generated revision history logs in the combined file doc/CHANGES.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (SunOS)

iD8DBQFEpgr/SO8fWy4vZo4RAmQAAJ9ue8L5tsiwua0uHHRCb11fWqs7sgCfZ8iz
/tDMX1rv7eCTGqzzaDyw2z4=
=hRgk
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Tue Aug 8 15:06:37 2006
To: kerberos-announce@MIT.EDU
Subject: MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities
From: Tom Yu
Date: Tue, 08 Aug 2006 15:06:42 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5 Security Advisory 2006-001

Original release: 2006-08-08
Topic: multiple local privilege escalation vulnerabilities
Severity: serious

SUMMARY
=======

In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation. No exploit code is known to exist at this time.

It is believed that the primary risk is to Linux systems, due to the behavior of their implementation of the setuid() and seteuid() system calls.

IMPACT
======

Actual impact depends on implementation details within a specific operating system. Vulnerabilities result when the OS implementations of setuid() or seteuid() can fail due to resource exhaustion when changing to an unprivileged user ID. We believe that only unchecked calls to setuid(), and not calls to seteuid(), are vulnerable on Linux.

On AIX, Kerberos applications provided by IBM are not vulnerable. If, in place of or in addition to IBM-provided Kerberos applications, MIT krb5 code is installed on an AIX system, the affected MIT krb5 applications are vulnerable to the setuid() issues listed in CVE-2006-3083.

We believe that no other operating systems are affected.
[CVE-2006-3083, VU#580124]

The following vulnerabilities may result from unchecked calls to setuid(), and are believed to only exist on Linux and AIX:

* Unchecked calls to setuid() in krshd may allow a local privilege escalation leading to execution of programs as root.

* Unchecked calls to setuid() in the v4rcp may allow a local privilege escalation leading to reading, writing, or creating files as root. v4rcp is the remote end of a krb4-authenticated rcp operation, but may be executed directly by an attacker, as it is a setuid program.

[CVE-2006-3084, VU#401660]

The following vulnerabilities may result from unchecked calls to seteuid(). These vulnerabilities are not yet known to exist on any operating system:

* Unchecked calls to seteuid() in ftpd may allow a local privilege escalation leading to reading, writing, or creating files as root.

* Unchecked calls to seteuid() in the ksu program may allow a local privilege escalation resulting in filling a file with null bytes as root and then deleting it (the "kdestroy" operation).

AFFECTED SOFTWARE
=================

* The above-listed programs are vulnerable in all releases of MIT krb5, up to and including krb5-1.5. The krb5-1.5.1 and krb5-1.4.4 releases will contain fixes for these problems.

FIXES
=====

* The upcoming krb5-1.5.1 and krb5-1.4.4 releases will include fixes for these vulnerabilities.

* Disable krshd and ftpd, and remove the setuid bit from the ksu binary and the v4rcp binary.

* For the krb5-1.5 release, apply the patch at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt

  A PGP-signed version of this patch is at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt.asc

  This patch was generated against the krb5-1.5 release, and may apply to earlier releases with some fuzz. The patch also updates some calls to other setuid-like system calls on less-common operating systems, though these calls are less likely to be vulnerable.
* For the krb5-1.4.3 release, apply the patch at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.4.3.txt

  A PGP-signed version of this patch is at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.4.3.txt

  This patch was generated against the krb5-1.4.3 release, and may apply to earlier releases with some fuzz. The patch also updates some calls to other setuid-like system calls on less-common operating systems, though these calls are less likely to be vulnerable.

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CVE: CVE-2006-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083

CERT: VU#580124
http://www.kb.cert.org/vuls/id/580124

CVE: CVE-2006-3084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084

CERT: VU#401660
http://www.kb.cert.org/vuls/id/401660

ACKNOWLEDGMENTS
===============

Thanks to Michael Calmer and Marcus Meissner at SUSE for reporting this problem. Thanks to Shiva Persaud at IBM for information on AIX.

DETAILS
=======

Typically, setuid(), seteuid(), and similar system calls cannot fail except in cases of inadequate privilege or system misconfiguration. Unlike other operating systems, Linux and AIX system calls which change the real user ID can fail if the change would cause the target user ID to exceed its quota of allowed processes. A local attacker may be able to exhaust a process quota in a way which artificially creates such a failure condition. This may result in privilege escalation when a program making an unchecked call to one of these system calls expects to continue execution with reduced privilege following the affected call, but instead continues to run as a privileged user.
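The discipline the advisory calls for, as an added example that is neither MIT krb5 code nor its patch: a permanent privilege drop (the krshd/v4rcp setuid() case) and a temporary one (the ftpd/ksu seteuid() case) in which every identity-changing call is checked and the outcome is verified afterwards with the get*id() calls, which cannot fail. The function names and the self-check helpers are assumptions for this illustration; the same example serves the updated copy of the advisory further down.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                     /* seteuid(), setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* The unchecked pattern the advisory describes (do not use):
 *
 *     setuid(pwd->pw_uid);        // may fail with EAGAIN under a process quota
 *     execl(shell, ...);          // ... and the user's command then runs as root
 */

/* Permanent drop to uid/gid for a root-started daemon. Returns 0 on success
 * or -errno; a caller must treat any nonzero result as fatal and exit, never
 * carry on with work it meant to do unprivileged. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first, while still root (unprivileged callers skip). */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -errno;
    if (setgid(gid) != 0)               /* group before user: after setuid() we could not */
        return -errno;
    if (setuid(uid) != 0)               /* EAGAIN (quota) or EPERM: still privileged! */
        return -errno;

    /* Verify with calls that cannot fail, rather than trusting the sequence. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -EPERM;
    /* A drop from root is permanent only if the saved uid changed as well. */
    if (uid != 0 && setuid(0) == 0)
        return -EPERM;
    return 0;
}

/* Temporary drop and restore: runs fn() with effective uid `uid` and puts
 * the original effective uid back afterwards, checking both transitions. */
int with_effective_uid(uid_t uid, int (*fn)(void *), void *arg)
{
    uid_t saved = geteuid();
    int rc;

    if (seteuid(uid) != 0)
        return -errno;
    if (geteuid() != uid)
        return -EPERM;                  /* never run fn() under the wrong identity */
    rc = fn(arg);
    if (seteuid(saved) != 0 || geteuid() != saved)
        return -EPERM;                  /* cannot restore: the caller must abort */
    return rc;
}

/* --- self-checks that work from any uid ------------------------------- */

static int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

/* 1 if fn() really ran with the requested euid and the original came back. */
int temporary_drop_roundtrip(void)
{
    uid_t seen = (uid_t)-1, before = geteuid();
    int rc = with_effective_uid(getuid(), record_euid, &seen);
    return rc == 0 && seen == getuid() && geteuid() == before;
}

/* 1 if an unprivileged process asking for uid 0 gets a clean refusal rather
 * than a silent continuation. As root the switch is legitimate. */
int escalation_is_refused(void)
{
    if (getuid() == 0)
        return 1;
    return drop_privileges(0, 0) == -EPERM;
}

int main(void)
{
    int rc = drop_privileges(getuid(), getgid());
    printf("drop to own ids: %s\n", rc == 0 ? "ok" : strerror(-rc));
    printf("temporary drop round trip: %d\n", temporary_drop_roundtrip());
    printf("escalation refused: %d\n", escalation_is_refused());
    return rc == 0 ? 0 : 1;
}
```

The verification step matters as much as the checks: a daemon that has already closed its log or chrooted cannot recover from a failed drop, so the only safe reaction is to exit. Note that since Linux 3.1 the kernel no longer fails setuid() on an RLIMIT_NPROC overrun but defers that failure to the next execve(), so the exact trigger the advisory relies on has moved; the rule that every identity-changing call is checked and its result verified has not.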
Specific places where various system calls are not checked include:

appl/bsd/krcp.c: setreuid (uncompiled code), setuid (irrelevant because not installed setuid)
appl/bsd/krshd.c: setuid
appl/bsd/krsh.c: setuid (irrelevant because not installed setuid)
appl/bsd/v4rcp.c: setuid
appl/gssftp/ftpd/ftpd.c: seteuid
client/ksu/main.c: seteuid
lib/krb4/kuserok.c: seteuid (but likely irrelevant)

REVISION HISTORY
================

2006-08-08 original release

Copyright (C) 2006 Massachusetts Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (SunOS)

iQCVAwUBRNjfg6bDgE/zdoE9AQLnKQP8DAikPgsCxRiOVj2QnX66VnBl2Nsm7irs
NeO/8yiP9QpliPk4h/6p9Q1Wc70H/C4ICWgufVDiIHbnUc4MGS4GVUzZtvQelrC1
4WTZyxLFfEZQzbNk6FUBw3W0P38IrUX2FQsLTp9R4S3iWFMI5Udkb5XX60zwo9w2
79rpIw5g8vY=
=x/vF
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Wed Aug 16 18:36:57 2006
To: kerberos-announce@MIT.EDU
Subject: UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
From: Tom Yu
Date: Wed, 16 Aug 2006 18:37:03 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MIT krb5 Security Advisory 2006-001

Original release: 2006-08-08
Last update: 2006-08-16
Topic: multiple local privilege escalation vulnerabilities
Severity: serious

SUMMARY
=======

[patch corrected since original release]

In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success. A local user could exploit one of these vulnerabilities to result in privilege escalation. No exploit code is known to exist at this time.

It is believed that the primary risk is to Linux systems, due to the behavior of their implementation of the setuid() and seteuid() system calls.

IMPACT
======

Actual impact depends on implementation details within a specific operating system. Vulnerabilities result when the OS implementations of setuid() or seteuid() can fail due to resource exhaustion when changing to an unprivileged user ID. We believe that only unchecked calls to setuid(), and not calls to seteuid(), are vulnerable on Linux.

On AIX, Kerberos applications provided by IBM are not vulnerable. If, in place of or in addition to IBM-provided Kerberos applications, MIT krb5 code is installed on an AIX system, the affected MIT krb5 applications are vulnerable to the setuid() issues listed in CVE-2006-3083.

We believe that no other operating systems are affected.
[CVE-2006-3083, VU#580124]

The following vulnerabilities may result from unchecked calls to setuid(), and are believed to only exist on Linux and AIX:

* Unchecked calls to setuid() in krshd may allow a local privilege escalation leading to execution of programs as root.

* Unchecked calls to setuid() in the v4rcp may allow a local privilege escalation leading to reading, writing, or creating files as root. v4rcp is the remote end of a krb4-authenticated rcp operation, but may be executed directly by an attacker, as it is a setuid program.

[CVE-2006-3084, VU#401660]

The following vulnerabilities may result from unchecked calls to seteuid(). These vulnerabilities are not yet known to exist on any operating system:

* Unchecked calls to seteuid() in ftpd may allow a local privilege escalation leading to reading, writing, or creating files as root.

* Unchecked calls to seteuid() in the ksu program may allow a local privilege escalation resulting in filling a file with null bytes as root and then deleting it (the "kdestroy" operation).

AFFECTED SOFTWARE
=================

* The above-listed programs are vulnerable in all releases of MIT krb5, up to and including krb5-1.5. The krb5-1.5.1 and krb5-1.4.4 releases will contain fixes for these problems.

FIXES
=====

* The upcoming krb5-1.5.1 and krb5-1.4.4 releases will include fixes for these vulnerabilities.

* Disable krshd and ftpd, and remove the setuid bit from the ksu binary and the v4rcp binary.

* For the krb5-1.5 release, apply the patch at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt

  A PGP-signed version of this patch is at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt.asc

  This patch was generated against the krb5-1.5 release, and may apply to earlier releases with some fuzz. The patch also updates some calls to other setuid-like system calls on less-common operating systems, though these calls are less likely to be vulnerable.
  Note that the original version of this patch contained an error in the patch to ksu which introduced a minor bug; this erroneous ksu patch may be identified by diff header "*** clients/ksu/main.c (revision 18419)"

* For the krb5-1.4.3 release, apply the patch at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.4.3.txt

  A PGP-signed version of this patch is at

  http://web.mit.edu/kerberos/advisories/2006-001-patch_1.4.3.txt

  This patch was generated against the krb5-1.4.3 release, and may apply to earlier releases with some fuzz. The patch also updates some calls to other setuid-like system calls on less-common operating systems, though these calls are less likely to be vulnerable.

  Note that the original version of this patch contained an error in the patch to ksu which introduced a minor bug; this erroneous ksu patch may be identified by diff header "*** clients/ksu/main.c (revision 18419)"

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CVE: CVE-2006-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083

CERT: VU#580124
http://www.kb.cert.org/vuls/id/580124

CVE: CVE-2006-3084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084

CERT: VU#401660
http://www.kb.cert.org/vuls/id/401660

ACKNOWLEDGMENTS
===============

Thanks to Michael Calmer and Marcus Meissner at SUSE for reporting this problem. Thanks to Shiva Persaud at IBM for information on AIX. Thanks to Sachin Punadikar for reporting the error in the ksu patch.

DETAILS
=======

Typically, setuid(), seteuid(), and similar system calls cannot fail except in cases of inadequate privilege or system misconfiguration.
Unlike other operating systems, Linux and AIX system calls which change the real user ID can fail if the change would cause the target user ID to exceed its quota of allowed processes. A local attacker may be able to exhaust a process quota in a way which artificially creates such a failure condition. This may result in privilege escalation when a program making an unchecked call to one of these system calls expects to continue execution with reduced privilege following the affected call, but instead continues to run as a privileged user.

Specific places where various system calls are not checked include:

appl/bsd/krcp.c: setreuid (uncompiled code), setuid (irrelevant because not installed setuid)
appl/bsd/krshd.c: setuid
appl/bsd/krsh.c: setuid (irrelevant because not installed setuid)
appl/bsd/v4rcp.c: setuid
appl/gssftp/ftpd/ftpd.c: seteuid
client/ksu/main.c: seteuid
lib/krb4/kuserok.c: seteuid (but likely irrelevant)

REVISION HISTORY
================

2006-08-16 updated patch to correct ksu error
2006-08-08 original release

Copyright (C) 2006 Massachusetts Institute of Technology

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (SunOS)

iQCVAwUBROOaEKbDgE/zdoE9AQJJpwP/ZLA21YIZuGU9wuJeYiRM9QdvnMZE/+My
xY1FeWPVx6puQ1Zkh12Vn30gQH8a6ZnFjunAlkx0TQjUM9iqtlA9PUwjwBYCywcm
p6qdS91ESpgqsYoDZVDajqxDhvlWyEYfsT8vzfcep+BGG2iqIicdvz95n9HuwRKG
rWIgVg83BLM=
=jv57
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Wed Aug 23 21:03:43 2006
To: kerberos-announce@MIT.EDU
Subject: krb5-1.5.1 is released
From: Tom Yu
Date: Wed, 23 Aug 2006 21:03:33 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.5.1. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.5.1
===================================

You may retrieve the Kerberos 5 Release 1.5.1 source from the following URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.5.1 release is:

http://web.mit.edu/kerberos/krb5-1.5/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

The only significant change in krb5-1.5.1 is to fix the security vulnerabilities described in MITKRB5-SA-2006-001, which are local privilege escalation vulnerabilities in applications running on Linux and AIX.
From tlyu@MIT.EDU Wed Aug 23 21:03:53 2006
From: Tom Yu
To: kerberos-announce@MIT.EDU
Subject: krb5-1.4.4 is released
Date: Wed, 23 Aug 2006 21:03:37 -0400

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.4.4. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.4.4
===================================

You may retrieve the Kerberos 5 Release 1.4.4 source from the following URL:

    http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.4.4 release is:

    http://web.mit.edu/kerberos/krb5-1.4/

Further information about Kerberos 5 may be found at the following URL:

    http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

The only significant change in krb5-1.4.4 is to fix the security vulnerabilities described in MITKRB5-SA-2006-001, which are local privilege escalation vulnerabilities in applications running on Linux and AIX.
From tlyu@MIT.EDU Thu Oct 19 17:48:19 2006
From: Tom Yu
To: kerberos-announce@MIT.EDU
Subject: kfw-3.1-beta-2 is available
Date: Thu, 19 Oct 2006 17:48:01 -0400

The MIT Kerberos Development Team is proud to announce the second *BETA* release of the next revision of our Kerberos for Windows product, Version 3.1. Please send bug reports and feedback to kfw-bugs@mit.edu.

What's New:
===========

Version 3.1 fixes bugs and adds minor functionality:

* Improvements to the Network Identity Manager
  1. A serious memory leak has been fixed
  2. Principal names containing numbers are no longer considered invalid
  3. Locales other than en_US are now supported
  4. Arbitrary sort ordering of credentials
  5. Support for FILE: ccaches
  6. Credential properties may be selected by the user for display
  7. User selected font support
  8. Tool Tip support added to the Toolbar
  9. Identities can be added without obtaining credentials
  10. Kerberos 5 Realm editor has been added
* The MSLSA: ccache is disabled in WOW64 environments prior to Microsoft Windows Vista Beta 2 (Windows XP 64, 2003 64, etc.)
* The installers are built using the latest toolkit versions NSIS (2.18) and WIX (2.0.4220.0)

Version 3.0 provided several often requested new features:

* thread-safe Kerberos 5 libraries (provided by Kerberos 5 release 1.4.4)
* a replacement for the Leash Credential Manager called the Network Identity Manager
  - a visually enticing application that takes advantage of all of the modern XP style User Interface enhancements
  - supports the management of multiple Kerberos 5 identities in a variety of credential cache types including CCAPI and FILE.
  - credentials can be organized by credential cache location or by identity
  - a single identity can be marked as the default for use by applications that request the current default credential cache
  - Network Identity Manager is built upon the Khimaira Identity Management Framework introduced this past summer at the AFS & Kerberos Best Practices Conference at CMU.
  - Credential Managers for Kerberos 5 and Kerberos 4 are provided. Credential Managers for other credential types including AFS and KX.509/KCA are available. Contact Secure Endpoints Inc. for details.
  - The Khimaira framework is a pluggable engine into which custom Identity Managers and Credential Managers can be added. Organizations interested in building plug-ins for the Network Identity Manager may contact Jeffrey Altman at jaltman@secure-endpoints.com
* a Kerberos specific WinLogon Network Provider that will use the username and password combined with the MIT Kerberos default realm in an effort to obtain credentials at session logon

Important changes since the 2.6.5 release:
==========================================

* This release requires 32-bit editions of Microsoft Windows 2000 or higher. Support for Microsoft Windows 95, 98, 98 Second Edition, ME, and NT 4.0 has been discontinued. Users of discontinued platforms should continue to use MIT Kerberos for Windows 2.6.5.
* Version 3.0 does not include any internal support for AFS. The aklog.exe utility now ships as a part of OpenAFS for Windows. The Secure Endpoints Inc. AFS credential manager for the Network Identity Manager has been incorporated into OpenAFS for Windows 1.5.9 and above.

Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:

    http://web.mit.edu/kerberos/

Acknowledgments
===============

The MIT Kerberos team would like to thank Secure Endpoints Inc. for its support during the development of this release.

Important notice regarding Kerberos 4 support
=============================================

In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos.

Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos.

The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos.

The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end.

We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing list.

References

[1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

From hartmans@MIT.EDU Thu Nov 9 12:33:06 2006
From: Sam Hartman
To: kerberos-announce@MIT.EDU
Subject: New Direction for Kerberos for Windows
Date: Thu, 09 Nov 2006 11:18:21 -0500

Since March of 2003, Jeffrey Altman and Secure Endpoints Inc. have been leading the evolution of MIT's Kerberos for Windows product. Enhancements such as the customizable installation packaging, MSLSA credentials cache, automatic ticket acquisition, improved reliability, and broader third-party application adoption have driven increased demand for Kerberos for Windows.

I'd like to announce two changes that will improve the Kerberos for Windows product and your ability to deploy it throughout your organization.

First, we're working with Secure Endpoints to develop an arrangement where they can focus on what they do best: providing support and custom development for security software including Kerberos for Windows. They will continue to work with us, providing enhancements and bug fixes back and helping us better understand customer needs. Secure Endpoints will maintain a release management role as part of the Kerberos team and will work with MIT to issue official Kerberos for Windows releases. As a result of our on-going cooperation, Kerberos for Windows 3.1 will be released in early November incorporating the extensible Network Identity Manager. This will be followed by Kerberos for Windows 3.2 with support for Microsoft Vista and 64-bit Microsoft Windows applications.

Organizations wishing to customize Network Identity Manager or KFW installation packages for their users, or who would like to fund specific KFW development, are encouraged to contact Secure Endpoints.

Secondly, MIT is seeking a senior full-time developer to be the engineering lead for the Kerberos for Windows product. KFW has grown to a level where we believe that it needs a full-time resource to guide its development and design. This senior engineer will work with the rest of the Kerberos team as well as KFW users. We believe this will allow us to provide more timely and responsive KFW releases while allowing us to better take advantage of development made for KFW in the rest of our products. We're actively seeking resumes for this position at this time.

We look forward to an exciting year of KFW development.

Sam Hartman
Manager, MIT Kerberos Team

From tlyu@MIT.EDU Thu Nov 9 13:05:46 2006
To: kerberos-announce@MIT.EDU
Subject: kfw-3.1-beta-3 is available
From: Tom Yu
Date: Thu, 09 Nov 2006 13:05:21 -0500

The MIT Kerberos Development Team is proud to announce the third *BETA* release of the next revision of our Kerberos for Windows product, Version 3.1. Please send bug reports and feedback to kfw-bugs@mit.edu.

What's New:
===========

Version 3.1 fixes bugs and adds minor functionality:

* Improvements to the Network Identity Manager
  1. A serious memory leak has been fixed
  2. Principal names containing numbers are no longer considered invalid
  3. Locales other than en_US are now supported
  4. Arbitrary sort ordering of credentials
  5. Support for FILE: ccaches
  6. Credential properties may be selected by the user for display
  7. User selected font support
  8. Tool Tip support added to the Toolbar
  9. Identities can be added without obtaining credentials
  10. Kerberos 5 Realm editor has been added
* The MSLSA: ccache is disabled in WOW64 environments prior to Microsoft Windows Vista Beta 2 (Windows XP 64, 2003 64, etc.)
* The installers are built using the latest toolkit versions NSIS (2.18) and WIX (2.0.4220.0)

[The remaining sections of this announcement (Version 3.0 features, changes since 2.6.5, Downloads, Acknowledgments, the Kerberos 4 notice and its references) are identical to those of the kfw-3.1-beta-2 announcement above.]

From tlyu@MIT.EDU Fri Nov 17 19:20:05 2006
To: kerberos-announce@MIT.EDU
Subject: kfw-3.1-beta-4 is available
From: Tom Yu Date: Fri, 17 Nov 2006 19:20:00 -0500 Message-ID: Lines: 191 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Scanned-By: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id kAI0K5PN012225 X-Mailman-Approved-At: Fri, 17 Nov 2006 19:20:18 -0500 X-BeenThere: kerberos-announce@mit.edu X-Mailman-Version: 2.1.6 Precedence: list Reply-To: kerberos@mit.edu List-Id: "Kerberos announcements \(moderated\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2006 00:20:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The MIT Kerberos Development Team is proud to announce the fourth *BETA* release of the next revision of MIT's Kerberos for Windows product, Version 3.1. Please send bug reports and feedback to kfw-bugs@mit.edu. What's New: =========== Version 3.1 fixes bugs and adds minor functionality: * Improvements to the Network Identity Manager 1. A serious memory leak has been fixed 2. Principal names containing numbers are no longer considered invalid 3. Locales other than en_US are now supported 4. Arbitrary sort ordering of credentials 5. Support for FILE: ccaches 6. Credential properties may be selected by the user for display 7. User selected font support 8. Tool Tip support added to the Toolbar 9. Identities can be added without obtaining credentials 10. Kerberos 5 Realm editor has been added * The MSLSA: ccache is disabled in WOW64 environments prior to Microsoft Windows Vista Beta 2 (Windows XP 64, 2003 64, etc.) 
* The installers are built using the latest toolkit versions NSIS (2.18) and WIX (2.0.4220.0) Version 3.0 provided several often requested new features: * thread-safe Kerberos 5 libraries (provided by Kerberos 5 release 1.4.4) * a replacement for the Leash Credential Manager called the Network Identity Manager - a visually enticing application that takes advantage of all of the modern XP style User Interface enhancements - supports the management of multiple Kerberos 5 identities in a variety of credential cache types including CCAPI and FILE. - credentials can be organized by credential cache location or by identity - a single identity can be marked as the default for use by applications that request the current default credential cache - Network Identity Manager is built upon the Khimaira Identity Management Framework introduced this past summer at the AFS & Kerberos Best Practices Conference at CMU. - Credential Managers for Kerberos 5 and Kerberos 4 are provided. Credential Managers for other credential types including AFS and KX.509/KCA are available from third parties. An AFS credential manager is included as part of OpenAFS for Windows 1.5.9 and above. Contact Secure Endpoints Inc. for details regarding other credential types. - The Khimaira framework is a pluggable engine into which custom Identity Managers and Credential Managers can be added. Organizations interested in building plug-ins for the Network Identity Manager may contact Jeffrey Altman at jaltman@secure-endpoints.com * a Kerberos specific WinLogon Network Provider that will use the username and password combined with the MIT Kerberos default realm in an effort to obtain credentials at session logon Important changes since the 2.6.5 release: ========================================== * This release requires 32-bit editions of Microsoft Windows 2000 or higher. Support for Microsoft Windows 95, 98, 98 Second Edition, ME, and NT 4.0 has been discontinued. 
Users of discontinued platforms should continue to use MIT Kerberos for Windows 2.6.5. * Version 3.0 does not include any internal support for AFS. The aklog.exe utility now ships as a part of OpenAFS for Windows. The Secure Endpoints Inc. AFS credential manager for the Network Identity Manager has been incorporated into OpenAFS for Windows 1.5.9 and above. Downloads ========= Binaries and source code can be downloaded from the MIT Kerberos web site: http://web.mit.edu/kerberos/ Acknowledgments =============== The MIT Kerberos team would like to thank Secure Endpoints Inc. for its support during the development of this release. Important notice regarding Kerberos 4 support ============================================= In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. 
Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing list. References [1] National Institute of Standards and Technology. 
    Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004.
    http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

From tlyu@MIT.EDU Wed Nov 29 18:23:14 2006
To: kerberos-announce@MIT.EDU
Subject: Kerberos for Windows version 3.1 is released
From: Tom Yu
Date: Wed, 29 Nov 2006 18:23:07 -0500

The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the release of MIT's Kerberos for Windows product, Version 3.1.

Please send bug reports and feedback to kfw-bugs@mit.edu.

What's New:
===========

Version 3.1 fixes bugs and adds minor functionality:

* Improvements to the Network Identity Manager

  1. A serious memory leak has been fixed
  2. Principal names containing numbers are no longer considered invalid
  3. Locales other than en_US are now supported
  4. Arbitrary sort ordering of credentials
  5. Support for FILE: ccaches
  6. Credential properties may be selected by the user for display
  7. User selected font support
  8. Tool Tip support added to the Toolbar
  9. Identities can be added without obtaining credentials
  10. Kerberos 5 Realm editor has been added

* The MSLSA: ccache is disabled in WOW64 environments prior to Microsoft Windows Vista Beta 2 (Windows XP 64, 2003 64, etc.)
* The installers are built using the latest toolkit versions NSIS (2.18) and WIX (2.0.4220.0)

Version 3.0 provided several often requested new features:

* thread-safe Kerberos 5 libraries (provided by Kerberos 5 release 1.4.4)

* a replacement for the Leash Credential Manager called the Network Identity Manager

  - a visually enticing application that takes advantage of all of the modern XP style User Interface enhancements
  - supports the management of multiple Kerberos 5 identities in a variety of credential cache types including CCAPI and FILE.
  - credentials can be organized by credential cache location or by identity
  - a single identity can be marked as the default for use by applications that request the current default credential cache
  - Network Identity Manager is built upon the Khimaira Identity Management Framework introduced this past summer at the AFS & Kerberos Best Practices Conference at CMU.
  - Credential Managers for Kerberos 5 and Kerberos 4 are provided. Credential Managers for other credential types including AFS and KX.509/KCA are available from third parties. An AFS credential manager is included as part of OpenAFS for Windows 1.5.9 and above. Contact Secure Endpoints Inc. for details regarding other credential types.
  - The Khimaira framework is a pluggable engine into which custom Identity Managers and Credential Managers can be added. Organizations interested in building plug-ins for the Network Identity Manager may contact Jeffrey Altman at jaltman@secure-endpoints.com

* a Kerberos specific WinLogon Network Provider that will use the username and password combined with the MIT Kerberos default realm in an effort to obtain credentials at session logon

Important changes since the 2.6.5 release:
==========================================

* This release requires 32-bit editions of Microsoft Windows 2000 or higher. Support for Microsoft Windows 95, 98, 98 Second Edition, ME, and NT 4.0 has been discontinued.
Users of discontinued platforms should continue to use MIT Kerberos for Windows 2.6.5.

* Version 3.0 does not include any internal support for AFS. The aklog.exe utility now ships as a part of OpenAFS for Windows. The Secure Endpoints Inc. AFS credential module for KFW's Network Identity Manager is distributed as part of OpenAFS for Windows 1.5.9 and above.

Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:

  http://web.mit.edu/kerberos/dist/index.html

Acknowledgments
===============

The MIT Kerberos team would like to thank Secure Endpoints Inc. for this release.

From tlyu@MIT.EDU Tue Jan 9 14:08:13 2007
To: kerberos-announce@MIT.EDU
Subject: MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer
From: Tom Yu
Date: Tue, 09 Jan 2007 14:07:47 -0500

MIT krb5 Security Advisory 2006-002

Original release: 2007-01-09
Last update: 2007-01-09

Topic: kadmind (via RPC library) calls uninitialized function pointer

Severity: CRITICAL

CVE: CVE-2006-6143
CERT: VU#481564

SUMMARY
=======

The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library. Third-party server applications written using the RPC library provided with MIT krb5 may also be vulnerable.

No exploit code is known to exist at this time.

IMPACT
======

An unauthenticated user may cause execution of arbitrary code in kadmind, which can compromise the Kerberos key database and host security. (kadmind usually runs as root.) Unsuccessful exploitation, or even accidental replication of the required conditions by non-malicious users, can result in kadmind crashing.

An unauthenticated user may cause execution of arbitrary code in third-party server applications which use the RPC library.
AFFECTED SOFTWARE
=================

* kadmind from MIT releases krb5-1.4 through krb5-1.4.4
* kadmind from MIT releases krb5-1.5 through krb5-1.5.1
* third-party applications calling the RPC library included in MIT releases krb5-1.4 through krb5-1.4.4
* third-party applications calling the RPC library included in MIT releases krb5-1.5 through krb5-1.5.1
* Earlier releases may not be affected because the changes causing this vulnerability were introduced in krb5-1.4.

FIXES
=====

* The upcoming krb5-1.6 release will contain a fix for this problem. Additionally, the upcoming krb5-1.5.2 patch release will contain this fix.

* Apply the following patch:

Index: src/lib/rpc/svc.c =================================================================== *** src/lib/rpc/svc.c (revision 18864) - --- src/lib/rpc/svc.c (working copy) *************** *** 437,442 **** - --- 437,444 ---- #endif } + extern struct svc_auth_ops svc_auth_gss_ops; + static void svc_do_xprt(SVCXPRT *xprt) { *************** *** 518,523 **** - --- 520,528 ---- if ((stat = SVC_STAT(xprt)) == XPRT_DIED){ SVC_DESTROY(xprt); break; + } else if ((xprt->xp_auth != NULL) && + (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) { + xprt->xp_auth = NULL; } } while (stat == XPRT_MOREREQS);

  This patch is also available at:

    http://web.mit.edu/kerberos/advisories/2006-002-patch.txt

  A PGP-signed version of the patch is at:

    http://web.mit.edu/kerberos/advisories/2006-002-patch.txt.asc

REFERENCES
==========

This announcement is posted at:

  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-002-rpc.txt

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

  http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

  http://web.mit.edu/kerberos/index.html

CVE: CVE-2006-6143
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143

CERT: VU#481564
  http://www.kb.cert.org/vuls/id/481564

ACKNOWLEDGMENTS
===============

Thanks to Andrew Korty from
Indiana University for reporting this problem and for assisting with debugging.

DETAILS
=======

Error handling in svc_do_xprt() calls SVC_DESTROY(), which calls SVCAUTH_DESTROY(), which calls through a function pointer in a SVCAUTH structure. The SVCAUTH structure may reside in uninitialized or freed memory, so the function pointer may point to malicious or invalid code, resulting in application crashes or execution of arbitrary malicious code.

On the server side of the RPC library, each RPC transport socket has a corresponding SVCXPRT structure. Every UDP listener has one SVCXPRT, as does every TCP listener. UDP listeners do not create a new SVCXPRT structure for each client; TCP listeners do create a new SVCXPRT structure for each client. Each SVCXPRT structure contains a SVCAUTH pointer named "xp_auth". The RPC call authentication functions set this SVCAUTH pointer, and SVCAUTH_WRAP() and SVCAUTH_UNWRAP() subsequently use this SVCAUTH pointer to perform encryption and decryption of RPC arguments and replies. During a call, svc_do_xprt() uses the SVCXPRT pointer variable "xprt", previously set by looking up the transport's socket file descriptor, to call various functions to perform actual processing of the call.

The AUTH_GSSAPI authentication flavor authentication function, gssrpc__svcauth_gssapi(), sets xprt->xp_auth to point into an allocated internal client state structure. This occurs prior to authentication actually succeeding; an attacker may not need to successfully authenticate to exploit this vulnerability. AUTH_GSSAPI periodically scans all its client state structures for expired GSS-API contexts, and destroys them. The client state structures do not record which xprt->xp_auth points into them; as a result, the destruction of client state structures can result in some xprt->xp_auth pointing into freed memory.
When svc_do_xprt() encounters error conditions, it calls SVC_DESTROY(), which then calls SVCAUTH_DESTROY(xprt->xp_auth) if xprt->xp_auth is not NULL. Most of the functions called through svc_do_xprt() do initialize xprt->xp_auth, but because SVC_RECV() does not, errors in SVC_RECV() (such as a client closing its TCP socket) will result in xprt->xp_auth containing whatever value it had at the conclusion of the immediately preceding call which used that SVCXPRT. SVCAUTH_DESTROY() calls through a function pointer in xprt->xp_auth. If xprt->xp_auth points into freed memory, this call could jump to malicious code. This vulnerability may be easy to exploit if the attacker can control the heap contents and writable process memory is executable.

The RPCSEC_GSS authentication flavor currently erroneously depends on xprt->xp_auth remaining constant across calls, so the simple strategy of unconditionally setting xprt->xp_auth to NULL will cause connections using RPCSEC_GSS authentication to fail. We plan to address this bug in a future release.
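Review bot: the `extern struct svc_auth_ops svc_auth_gss_ops;` added in the first hunk of the patch above (svc.c, hunk at lines 437-444) is a file-local extern for a symbol owned by the RPCSEC_GSS flavor, so nothing checks that this declaration and the defining file agree on the type; put the declaration in a header shared with the file that defines the variable, and add a one-line comment saying that svc_do_xprt() needs it only to exempt RPCSEC_GSS transports from the xp_auth reset.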
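Review bot: in the second hunk (svc_do_xprt(), lines 520-528) the new `else if` leaves xp_auth in place whenever `xprt->xp_auth->svc_ah_ops == &svc_auth_gss_ops`, so RPCSEC_GSS transports keep carrying a pointer across calls and remain outside this fix; since DETAILS says the exemption exists only because RPCSEC_GSS wrongly depends on xp_auth persisting, the branch should carry a comment to that effect (and a reference to the planned follow-up) so a later reader does not take the exemption for intended behaviour or "simplify" the test away.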
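The sequence described in DETAILS, as an added model in C that is not the krb5 RPC library's code: the names SVCXPRT, xp_auth, SVCAUTH_DESTROY and svc_do_xprt come from the advisory, while the client-state pool, the in-use flag that stands in for free(), and stale_destroy_reached() are constructed here. It shows the unpatched path reaching a SVCAUTH in freed memory after an expiry scan, and the patch's clear-after-call behaviour (with its RPCSEC_GSS exemption) preventing it.

```c
/* Model of the MITKRB5-SA-2006-002 sequence: a transport's xp_auth is left
 * pointing into AUTH_GSSAPI client state that the expiry scan has freed, and
 * a later SVC_RECV() error destroys through it.  Added example, not the krb5
 * RPC library; "freed" memory is an in-use flag on a static pool, so a stale
 * pointer is detected rather than dereferenced. */
#include <stddef.h>
#include <stdio.h>

struct svcauth;
struct svc_auth_ops { void (*destroy)(struct svcauth *auth); };
struct svcauth { struct svc_auth_ops *svc_ah_ops; };

/* Per-client state; the SVCAUTH that xp_auth points at lives inside it,
 * and nothing records which transports reference it. */
struct client_state {
    int in_use;                  /* cleared when the expiry scan frees it */
    struct svcauth auth;
};

#define NCLIENTS 4
static struct client_state pool[NCLIENTS];   /* constructed stand-in heap */

typedef struct { struct svcauth *xp_auth; } SVCXPRT;   /* per transport */

static void noop_destroy(struct svcauth *auth) { (void)auth; }
static struct svc_auth_ops auth_gssapi_ops = { noop_destroy };
static struct svc_auth_ops svc_auth_gss_ops = { noop_destroy }; /* RPCSEC_GSS */

/* Returns 1 if the destroy would call through a SVCAUTH in freed memory
 * (the advisory's condition), 0 if the call was safe or skipped. */
static int SVCAUTH_DESTROY(struct svcauth *auth)
{
    struct client_state *cs;
    if (auth == NULL)
        return 0;
    cs = (struct client_state *)((char *)auth -
                                 offsetof(struct client_state, auth));
    if (!cs->in_use)
        return 1;                /* dangling function pointer */
    auth->svc_ah_ops->destroy(auth);
    return 0;
}

/* gssrpc__svcauth_gssapi() behaviour: xp_auth is pointed into client state
 * before authentication has succeeded. */
static void svcauth_gssapi(SVCXPRT *xprt, int slot)
{
    pool[slot].in_use = 1;
    pool[slot].auth.svc_ah_ops = &auth_gssapi_ops;
    xprt->xp_auth = &pool[slot].auth;
}

/* Periodic scan destroying expired client state; it cannot fix up the
 * transports that still point into it. */
static void expire_clients(void)
{
    int i;
    for (i = 0; i < NCLIENTS; i++)
        pool[i].in_use = 0;
}

/* One completed call through svc_do_xprt().  With 'patched' set, apply the
 * advisory's fix: clear xp_auth after the call unless the flavor is
 * RPCSEC_GSS, which still relies on it persisting across calls. */
static void svc_do_xprt_call(SVCXPRT *xprt, int slot, int patched)
{
    svcauth_gssapi(xprt, slot);
    if (patched && xprt->xp_auth != NULL &&
        xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)
        xprt->xp_auth = NULL;
}

/* SVC_RECV() failure path (client closed its TCP socket):
 * SVC_DESTROY() -> SVCAUTH_DESTROY(xp_auth) with xp_auth left as it was. */
static int svc_do_xprt_recv_error(SVCXPRT *xprt)
{
    return SVCAUTH_DESTROY(xprt->xp_auth);
}

/* Call, expiry scan, then receive error on the same transport.
 * Returns 1 if the stale pointer would have been used, 0 if not. */
int stale_destroy_reached(int patched)
{
    SVCXPRT xprt = { NULL };
    svc_do_xprt_call(&xprt, 0, patched);
    expire_clients();
    return svc_do_xprt_recv_error(&xprt);
}

int main(void)
{
    printf("unpatched: %d\n", stale_destroy_reached(0));   /* 1 */
    printf("patched:   %d\n", stale_destroy_reached(1));   /* 0 */
    return 0;
}
```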
REVISION HISTORY
================

2007-01-09  original release

Copyright (C) 2006 Massachusetts Institute of Technology

From tlyu@MIT.EDU Tue Jan 9 14:08:19 2007
To: kerberos-announce@MIT.EDU
Subject: MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers
From: Tom Yu
Date: Tue, 09 Jan 2007 14:07:54 -0500

MIT krb5 Security Advisory 2006-003

Original release: 2007-01-09
Last update: 2007-01-09

Topic: kadmind (via GSS-API mechglue) frees uninitialized pointers

Severity: CRITICAL

CVE: CVE-2006-6144
CERT: VU#831452

SUMMARY
=======

The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable.

Exploitation of this vulnerability is believed to be difficult. No exploit code is known to exist at this time.

IMPACT
======

An unauthenticated user may cause execution of arbitrary code in kadmind, which can compromise the Kerberos key database and host security. (kadmind usually runs as root.) Unsuccessful exploitation, or even accidental replication of the required conditions by non-malicious users, can result in kadmind crashing.

An unauthenticated user may cause execution of arbitrary code in third-party applications which use the GSS-API library.

AFFECTED SOFTWARE
=================

* kadmind from MIT releases krb5-1.5 through krb5-1.5.1
* third-party applications calling the GSS-API library included in MIT releases krb5-1.5 through krb5-1.5.1
* Earlier releases may not be affected because the relevant code was not compiled.
FIXES
=====

* The upcoming krb5-1.6 release will contain a fix for this problem. Additionally, the upcoming krb5-1.5.2 patch release will contain this fix.

* Apply the patch at:

    http://web.mit.edu/kerberos/advisories/2006-003-patch.txt

  A PGP-signed version of the patch is at:

    http://web.mit.edu/kerberos/advisories/2006-003-patch.txt.asc

REFERENCES
==========

This announcement is posted at:

  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-003-mechglue.txt

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

  http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

  http://web.mit.edu/kerberos/index.html

CVE: CVE-2006-6144
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6144

CERT: VU#831452
  http://www.kb.cert.org/vuls/id/831452

ACKNOWLEDGMENTS
===============

This vulnerability was found while investigating a related vulnerability reported by Andrew Korty of Indiana University.

DETAILS
=======

The specifications for the GSS-API C bindings, including RFC 2744, require that all GSS-API calls which may return pointers to allocated memory initialize those pointers, even in error conditions. The implementation of the "mechglue" abstraction interface can execute error-handling paths which do not complete initialization of output parameters. As a result, callers which do not initialize return structures such as gss_buffer_desc may call destructor functions such as gss_release_buffer on values containing uninitialized pointers.

In kadmind, the log_badverf() function calls gss_display_name() without checking its return value and without initializing the gss_buffer_desc structures passed to gss_display_name(). If gss_display_name() encounters certain error conditions, it does not initialize the gss_buffer_t output argument passed to it. The log_badverf() function then logs the returned strings, and calls gss_release_buffer() on these gss_buffer_desc structures.
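The two halves of this defect, the callee that skips output initialization on an error path and the caller that neither initializes its buffer nor checks the status, as an added C model that is not krb5 code: buffer_desc, display_name_buggy(), display_name_fixed() and release_buffer() are constructed stand-ins for gss_buffer_desc, gss_display_name() and gss_release_buffer(), and the GARBAGE sentinel stands for whatever the stack happened to hold. log_badverf_model() mirrors the log_badverf() pattern with the NULL server name the advisory describes and reports whether an indeterminate pointer reaches the release call for each combination of fixed callee and hardened caller.

```c
/* Model of MITKRB5-SA-2006-003: an output buffer that the callee leaves
 * untouched on an error path, then released by a caller that never checked
 * the return value.  Added example, not krb5 code: buffer_desc,
 * display_name_*() and release_buffer() are stand-ins for gss_buffer_desc,
 * gss_display_name() and gss_release_buffer(); GARBAGE is a constructed
 * sentinel for whatever the stack held. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct { size_t length; void *value; } buffer_desc, *buffer_t;
#define EMPTY_BUFFER { 0, NULL }                 /* like GSS_C_EMPTY_BUFFER */
#define GARBAGE ((void *)(uintptr_t)0xdeadbeefu) /* constructed stack junk */

enum { S_COMPLETE = 0, S_BAD_NAME = 1 };

/* Mechglue-style callee with the bug: on a NULL name it returns an error
 * without initializing *out, which RFC 2744 requires it to do. */
int display_name_buggy(const char *name, buffer_t out)
{
    if (name == NULL)
        return S_BAD_NAME;
    out->length = strlen(name);
    out->value = malloc(out->length + 1);
    memcpy(out->value, name, out->length + 1);
    return S_COMPLETE;
}

/* Fixed callee: the output is set to the empty buffer before any return. */
int display_name_fixed(const char *name, buffer_t out)
{
    out->length = 0;
    out->value = NULL;
    if (name == NULL)
        return S_BAD_NAME;
    return display_name_buggy(name, out);
}

/* Returns 1 if the release would free an indeterminate pointer. */
static int release_buffer(buffer_t buf)
{
    if (buf->value == GARBAGE)
        return 1;
    free(buf->value);            /* free(NULL) is a no-op */
    buf->value = NULL;
    buf->length = 0;
    return 0;
}

/* kadmind's log_badverf() pattern with the NULL server name the advisory
 * describes.  callee_fixed selects the callee; caller_hardened initializes
 * the buffer and releases only on success instead of ignoring the status.
 * Returns 1 if an uninitialized pointer reaches the release call. */
int log_badverf_model(int callee_fixed, int caller_hardened)
{
    buffer_desc name = { 7, GARBAGE };       /* stale stack contents */
    int (*display)(const char *, buffer_t) =
        callee_fixed ? display_name_fixed : display_name_buggy;
    int st;

    if (caller_hardened) {
        buffer_desc init = EMPTY_BUFFER;
        name = init;
    }
    st = display(NULL, &name);               /* NULL server name: fails */
    if (caller_hardened && st != S_COMPLETE)
        return 0;                            /* nothing to log or release */
    return release_buffer(&name);
}
```

Either fix alone is enough to keep the indeterminate pointer away from the release call; the callee-side fix is what RFC 2744 requires, and the caller-side initialization is the defensive habit for applications built on any GSS-API implementation.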
When RPCSEC_GSS is used, kadmind uses a NULL server name, so at least one of the calls to gss_display_name() will always fail in that case.

The act of logging these strings will typically cause a memory access fault if the uninitialized pointers have values pointing into invalid address space, which may prevent harmful effects in gss_release_buffer() because the program will have crashed. It is inadvisable to depend on this possibility, because an attacker may be able to manipulate the uninitialized pointers to take on values pointing into valid address space.

REVISION HISTORY
================

2007-01-09  original release

Copyright (C) 2006 Massachusetts Institute of Technology

From tlyu@MIT.EDU Tue Jan 9 21:11:51 2007
To: kerberos-announce@MIT.EDU
Subject: krb5-1.6 is released
From: Tom Yu
Date: Tue, 09 Jan 2007 21:11:45 -0500

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.6. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.6
=================================

You may retrieve the Kerberos 5 Release 1.6 source from the following URL:

  http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.6 release is:

  http://web.mit.edu/kerberos/krb5-1.6/

Further information about Kerberos 5 may be found at the following URL:

  http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
* Fix for MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind.
* Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused a security vulnerability in kadmind.

Note that the implementation of referral handling involves a change to the behavior of krb5_sname_to_principal() to return a zero-length realm name if it is unable to find the realm corresponding to the hostname.
This special realm name signals the ticket-acquisition code to request KDC canonicalization of service principal names. Other library code has changed to accommodate this new behavior. This particular method of implementing service principal name referral handling may change in the future; we invite discussion on this subject.

From tlyu@MIT.EDU Tue Jan 9 21:11:56 2007
To: kerberos-announce@MIT.EDU
Subject: krb5-1.5.2 is released
From: Tom Yu
Date: Tue, 09 Jan 2007 21:11:51 -0500

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.5.2. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.5.2
===================================

You may retrieve the Kerberos 5 Release 1.5.2 source from the following URL:

  http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.5.2 release is:

  http://web.mit.edu/kerberos/krb5-1.5/

Further information about Kerberos 5 may be found at the following URL:

  http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* Fix for MITKRB5-SA-2006-002: the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind.
* Fix for MITKRB5-SA-2006-003: the GSS-API mechglue layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused a security vulnerability in kadmind.
From tlyu@MIT.EDU Sat Mar 10 16:21:29 2007
To: kerberos-announce@MIT.EDU
Subject: Kerberos for Windows version 3.1.1 updates DST behavior
From: Tom Yu
Date: Sat, 10 Mar 2007 16:21:23 -0500

MIT Kerberos for Windows version 3.1.1 contains installers which update the MS Visual C++ .NET 2003 C Runtime Libraries to provide correct Daylight Saving Time rules when the TZ environment variable is set. The kfw-3.1.1 installers contain the kfw-3.1.0 binaries and the updated C Runtime Libraries.

For existing installations, no change is required unless the TZ environment variable is in use. If it is, upgrading the KfW installation is required.

MIT Kerberos for Windows releases 2.6.5 and above use versions of the Microsoft Visual C++ .NET 2003 C Runtime Libraries which do not correctly compute the start of DST for the 2007 United States DST rule changes if the TZ environment variable is set. The TZ environment variable is normally not set, but it may have been set in order to support compatibility with specific applications.
Binaries and source code can be downloaded from the MIT Kerberos web site:

    http://web.mit.edu/kerberos/dist/index.html

From tlyu@MIT.EDU Tue Apr 3 14:10:31 2007
To: kerberos-announce@MIT.EDU
Subject: MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]
From: Tom Yu
Date: Tue, 03 Apr 2007 14:10:29 -0400

MIT krb5 Security Advisory 2007-001

Original release: 2007-04-03
Last update: 2007-04-03

Topic: telnetd allows login as arbitrary user
Severity: CRITICAL
CVE: CVE-2007-0956
CERT: VU#220816

SUMMARY
=======

The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary user, when presented with a specially crafted username. Exploitation of this vulnerability is trivial.

This is a vulnerability in an application program; it is not a bug in the MIT krb5 libraries or in the Kerberos protocol.

IMPACT
======

A user can gain unauthorized access to any account (including root) on a host running telnetd. Whether the attacker needs to authenticate depends on the configuration of telnetd on that host.

AFFECTED SOFTWARE
=================

* telnetd in all releases of MIT krb5, up to and including krb5-1.6

FIXES
=====

* The upcoming krb5-1.6.1 release will contain a fix for this vulnerability.
Prior to that release you may:

* disable telnetd or

* apply the patch

This patch is also available at

    http://web.mit.edu/kerberos/advisories/2007-001-patch.txt

A PGP-signed patch is available at

    http://web.mit.edu/kerberos/advisories/2007-001-patch.txt.asc

*** src/appl/telnet/telnetd/state.c (revision 19480) - --- src/appl/telnet/telnetd/state.c (local) *************** *** 1665,1671 **** strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ strcmp(varp, "NLSPATH") && /* locale stuff */ strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ ! strcmp(varp, "IFS")) { return 1; } else { syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); - --- 1665,1672 ---- strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ strcmp(varp, "NLSPATH") && /* locale stuff */ strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ ! strcmp(varp, "IFS") && ! !strchr(varp, '-')) { return 1; } else { syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); *** src/appl/telnet/telnetd/sys_term.c (revision 19480) - --- src/appl/telnet/telnetd/sys_term.c (local) *************** *** 1287,1292 **** - --- 1287,1302 ---- #endif #if defined (AUTHENTICATION) if (auth_level >= 0 && autologin == AUTH_VALID) { + if (name[0] == '-') { + /* Authenticated and authorized to log in to an + account starting with '-'? Even if that + unlikely case comes to pass, the current login + program will not parse the resulting command + line properly. */ + syslog(LOG_ERR, "user name cannot start with '-'"); + fatal(net, "user name cannot start with '-'"); + exit(1); + } # if !defined(NO_LOGIN_F) #if defined(LOGIN_CAP_F) argv = addarg(argv, "-F"); *************** *** 1377,1387 **** } else #endif if (getenv("USER")) { ! argv = addarg(argv, getenv("USER")); #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) { register char **cpp; for (cpp = environ; *cpp; cpp++) argv = addarg(argv, *cpp); } #endif - --- 1387,1405 ---- } else #endif if (getenv("USER")) { !
char *user = getenv("USER"); ! if (user[0] == '-') { ! /* "telnet -l-x ..." */ ! syslog(LOG_ERR, "user name cannot start with '-'"); ! fatal(net, "user name cannot start with '-'"); ! exit(1); ! } ! argv = addarg(argv, user); #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) { register char **cpp; for (cpp = environ; *cpp; cpp++) + if ((*cpp)[0] != '-') argv = addarg(argv, *cpp); } #endif

REFERENCES
==========

This announcement is posted at:

    http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

    http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

    http://web.mit.edu/kerberos/index.html

CVE: CVE-2007-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956

CERT: VU#220816
http://www.kb.cert.org/vuls/id/220816

ACKNOWLEDGMENTS
===============

This vulnerability was found when attempting to confirm the absence of a related vulnerability in the Solaris telnetd. [CVE-2007-0882]

DETAILS
=======

The MIT krb5 telnet daemon fails to adequately check the provided username. A malformed username beginning with "-e" can be interpreted as a command-line flag by the login.krb5 program, which is executed by telnetd. This causes login.krb5 to execute part of the BSD rlogin protocol, where an arbitrary username may be injected, allowing login as that user without a password or any further authentication.

If the telnet daemon is configured to only permit authenticated login, then only authenticated users can exploit this vulnerability.
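Review bot: in the state.c hunk, the new `!strchr(varp, '-')` condition rejects an environment variable name containing '-' anywhere, not only as its first character, and unlike its neighbours (`/* linux */`, `/* locale stuff */`) it carries no comment saying why; a one-line comment such as `/* a name starting with '-' would be parsed as an option by login */` would document the intent. The existing `syslog(LOG_INFO, "Rejected the attempt to modify the environment variable ...")` branch already logs the refusal, so no extra logging is needed on this path.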
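Review bot: in the sys_term.c hunk at 1287,1302 the new check dereferences `name[0]` before anything in the visible lines establishes that `name` is non-NULL on the `autologin == AUTH_VALID` path; if `name` can be unset there, the condition should read `name != NULL && name[0] == '-'`, otherwise the existing guarantee deserves a mention in the comment. The `exit(1)` after `fatal(net, ...)` is harmless if `fatal` never returns, but a short comment ("fatal does not return") would save the next reader from checking.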
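Review bot: in the sys_term.c hunk at 1377,1405 the added `if ((*cpp)[0] != '-')` silently skips environment entries whose first byte is '-', whereas the other two rejections in this patch call `syslog(LOG_ERR, ...)` before refusing; logging the skipped entry (its name only, not its value) would keep the three paths consistent and leave an administrator a trace of the attempt. `user[0]` is safe here because `getenv("USER")` was just checked non-NULL; an empty `USER` still reaches `addarg` unchanged, which matches the previous behaviour.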
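The DETAILS section above reduces to one rule: a string that an attacker controls must never be able to start with '-' when it is placed on the command line of a program that parses options. The following is an added example, not MIT code and not the telnetd patch itself; it shows the same two checks the patch adds (reject a user name whose first byte is '-', drop environment entries whose first byte is '-') applied while building an argv for an external login program. The function names (`build_login_argv`, `username_is_argv_safe`, `env_entry_is_argv_safe`), the `MAX_ARGS` limit and the `-p -f` option flags are assumptions for the example; the sample environment is constructed.

```c
/* Added example (not MIT krb5 code): guard an argv built for an external
 * login program so that untrusted strings cannot be parsed as options.
 * Names here are hypothetical; the option flags are illustrative. */
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 64

/* A user name may follow the option flags only if it is non-empty and
 * does not begin with '-' (otherwise the login program's option parser
 * treats it as a flag, which is the MITKRB5-SA-2007-001 failure). */
int username_is_argv_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    return name[0] != '-';
}

/* On platforms where the environment is appended to the command line,
 * each entry must look like NAME=value and must not start with '-'. */
int env_entry_is_argv_safe(const char *entry)
{
    return entry != NULL && entry[0] != '-' && strchr(entry, '=') != NULL;
}

/* Fill argv with { "login", "-p", "-f", name, <safe env entries>..., NULL }.
 * Returns the number of entries before the NULL, or -1 if the name is
 * rejected or argv is too small. Unsafe env entries are skipped and
 * counted in *dropped so the caller can log each refusal. */
int build_login_argv(char **argv, int maxargs, const char *name,
                     char *const envp[], int *dropped)
{
    int n = 0, i;
    *dropped = 0;
    if (!username_is_argv_safe(name) || maxargs < 5)
        return -1;
    argv[n++] = "login";
    argv[n++] = "-p";
    argv[n++] = "-f";
    argv[n++] = (char *)name;
    for (i = 0; envp != NULL && envp[i] != NULL; i++) {
        if (!env_entry_is_argv_safe(envp[i])) {
            (*dropped)++;
            continue;
        }
        if (n >= maxargs - 1)
            return -1;            /* keep room for the NULL terminator */
        argv[n++] = envp[i];
    }
    argv[n] = NULL;
    return n;
}

/* Constructed sample environment: the second entry must be dropped. */
static char *const sample_env[] = { "TERM=xterm", "-x=dropped", "LANG=C", NULL };

int sample_login_argc(const char *name)
{
    char *argv[MAX_ARGS];
    int dropped;
    return build_login_argv(argv, MAX_ARGS, name, sample_env, &dropped);
}

int sample_login_dropped(const char *name)
{
    char *argv[MAX_ARGS];
    int dropped;
    build_login_argv(argv, MAX_ARGS, name, sample_env, &dropped);
    return dropped;
}

int main(void)
{
    char *argv[MAX_ARGS];
    int dropped, i;
    int n = build_login_argv(argv, MAX_ARGS, "alice", sample_env, &dropped);
    for (i = 0; i < n; i++)
        printf("argv[%d] = %s\n", i, argv[i]);
    printf("dropped %d env entries; name \"-e\" -> %d\n", dropped,
           build_login_argv(argv, MAX_ARGS, "-e", sample_env, &dropped));
    return 0;
}
```

The check is deliberately made before the exec, on the daemon side, because the login program's option parser cannot tell a user name from a flag once both are on the same command line; a second line of defence is to end the option list with `--` where the login program supports it.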
REVISION HISTORY
================

2007-04-03 original release

Copyright (C) 2007 Massachusetts Institute of Technology

From tlyu@MIT.EDU Tue Apr 3 14:10:37 2007
To: kerberos-announce@MIT.EDU
Subject: MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957]
From: Tom Yu
Date: Tue, 03 Apr 2007 14:10:35 -0400

MIT krb5 Security Advisory 2007-002

Original release: 2007-04-03
Last update: 2007-04-03

Topic: KDC, kadmind stack overflow in krb5_klog_syslog
Severity: CRITICAL
CVE: CVE-2007-0957
CERT: VU#704024

SUMMARY
=======

The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind) as well as the KDC, are vulnerable. Exploitation of this vulnerability is probably simple.

This is a vulnerability in the kadm5 library, which is used by the KDC and kadmind, and possibly by some third-party applications. It is not a bug in the MIT krb5 protocol libraries or in the Kerberos protocol.

IMPACT
======

An authenticated user may be able to cause a host running kadmind to execute arbitrary code. An authenticated user may be able to cause a KDC host to execute arbitrary code. Also, a user controlling a Kerberos realm sharing a key with the target realm may be able to cause a KDC host to execute arbitrary code.

Successful exploitation can compromise the Kerberos key database and host security on the host running these programs. (kadmind and the KDC typically run as root.)

Unsuccessful exploitation attempts will likely result in the affected program crashing.

Third-party applications which call krb5_klog_syslog() may also be vulnerable.
AFFECTED SOFTWARE
=================

* MIT krb5 releases through krb5-1.6

FIXES
=====

* The upcoming krb5-1.6.1 release will contain a fix for this vulnerability.

Prior to that release you may:

* apply the patch

The patch is available at

    http://web.mit.edu/kerberos/advisories/2007-002-patch.txt

A PGP-signed patch is available at

    http://web.mit.edu/kerberos/advisories/2007-002-patch.txt.asc

Systems which definitely provide vsnprintf() may not need the entire patch; see "DETAILS".

Please note that releases prior to krb5-1.5 will require additional changes to the configure script src/lib/kadm5/configure in order to correctly detect the presence of vsnprintf(). krb5-1.5 and later releases already check for vsnprintf() in the top-level configure script, and do not have a separate src/lib/kadm5/configure script.

REFERENCES
==========

This announcement is posted at:

    http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

    http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

    http://web.mit.edu/kerberos/index.html

CVE: CVE-2007-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957

CERT: VU#704024
http://www.kb.cert.org/vuls/id/704024

ACKNOWLEDGMENTS
===============

We thank iDefense Labs for notifying us of this vulnerability. iDefense credits an anonymous discoverer.

DETAILS
=======

krb5_klog_syslog() uses vsprintf() to format text into a fixed-length stack buffer. Format specifiers such as "%s" used in calls to krb5_klog_syslog() may allow formatting of strings of sufficient length to overwrite memory past the end of the stack buffer.

Certain strings received from the client by the kadmin daemon are not truncated prior to logging. Among these strings is the target principal for the kadmin operation.

The KDC truncates most client-originated strings prior to logging.
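The DETAILS above name two defences and the advisory's closing note explains why both matter: vsnprintf() with the buffer size stops the overflow, and truncating each client-originated field before it reaches a "%s" stops one oversize field from pushing the rest of the line out of the buffer (the "obliterated log information" the advisory warns about). The block below is an added example, not MIT code and not the 2007-002 patch; `klog_format`, `truncate_untrusted`, `log_principal_op`, `LOG_LINE_MAX` and `UNTRUSTED_MAX` are hypothetical names and sizes, and the principal names are constructed.

```c
/* Added example (not MIT krb5 code): format a log line into a fixed-size
 * stack buffer without overrunning it, and cap untrusted fields first so
 * the rest of the line survives. Names and sizes are hypothetical. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX  128   /* the fixed-size stack buffer of the advisory */
#define UNTRUSTED_MAX  40   /* cap on any client-originated field */

/* Copy src into dst (capacity dstsz), cutting it to UNTRUSTED_MAX bytes
 * and marking the cut with "..." so the reader can tell the field was
 * shortened. Returns 1 if truncation happened, else 0. */
int truncate_untrusted(char *dst, size_t dstsz, const char *src)
{
    size_t len, cap;
    if (dstsz == 0)
        return 1;
    len = strlen(src);
    cap = (UNTRUSTED_MAX < dstsz - 1) ? UNTRUSTED_MAX : dstsz - 1;
    if (len <= cap) {
        memcpy(dst, src, len + 1);
        return 0;
    }
    if (cap >= 3) {
        memcpy(dst, src, cap - 3);
        memcpy(dst + cap - 3, "...", 4);
    } else {
        dst[0] = '\0';
    }
    return 1;
}

/* Same shape as the vsprintf() call, but vsnprintf() never writes past
 * buf[bufsz - 1]. Returns what the full message would have needed, so a
 * result >= bufsz tells the caller the line was cut. */
int klog_format(char *buf, size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    int needed;
    va_start(ap, fmt);
    needed = vsnprintf(buf, bufsz, fmt, ap);
    va_end(ap);
    return needed;
}

/* Log a kadmin-style operation on a client-supplied principal name.
 * Returns 1 if the whole line fit in `line`, 0 if it was cut. */
int log_principal_op(char *line, size_t linesz, const char *op,
                     const char *client_principal)
{
    char safe[UNTRUSTED_MAX + 1];
    int needed;
    truncate_untrusted(safe, sizeof safe, client_principal);
    needed = klog_format(line, linesz, "%s: principal %s", op, safe);
    return needed >= 0 && (size_t)needed < linesz;
}

/* Helpers over constructed inputs. */
int sample_truncation_flag(const char *principal)
{
    char safe[UNTRUSTED_MAX + 1];
    return truncate_untrusted(safe, sizeof safe, principal);
}

int sample_small_buffer_needed(void)
{
    char buf[8];
    return klog_format(buf, sizeof buf, "%s", "0123456789");   /* 10 */
}

/* A 599-byte principal: the field is cut to 40 bytes, so the line fits. */
int sample_huge_principal_fits(void)
{
    char line[LOG_LINE_MAX];
    char huge[600];
    memset(huge, 'A', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    return log_principal_op(line, sizeof line, "CHANGEPW", huge);
}

int main(void)
{
    char line[LOG_LINE_MAX];
    log_principal_op(line, sizeof line, "CHANGEPW", "alice@EXAMPLE.COM");
    printf("%s\n", line);
    printf("huge principal fits: %d\n", sample_huge_principal_fits());
    return 0;
}
```

Checking the return value of vsnprintf() is what distinguishes "did not overflow" from "logged what I meant to log": a truncated line is not a memory-safety problem, but it can hide the part of the message an administrator later needs.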
One sort of string which is not truncated is a transited-realms string. A malicious KDC sharing a key with the target realm may issue tickets with specially-crafted transited-realms strings to exploit this vulnerability. There are other places where an authenticated user may cause the KDC to log a string which triggers the vulnerability.

On a system where vsnprintf() is confirmed to be available, the patches to files other than src/lib/kadm5/logger.c may not be necessary to prevent a buffer overflow; these patches are still useful to prevent malicious users from causing vsnprintf() to obliterate useful log information by means of truncation.

REVISION HISTORY
================

2007-04-03 original release

Copyright (C) 2007 Massachusetts Institute of Technology

From tlyu@MIT.EDU Tue Apr 3 14:10:41 2007
To: kerberos-announce@MIT.EDU
Subject: MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216]
From: Tom Yu
Date: Tue, 03 Apr 2007 14:10:39 -0400

MIT krb5 Security Advisory 2007-003

Original release: 2007-04-03
Last update: 2007-04-03

Topic: double-free vulnerability in kadmind (via GSS-API library)
Severity: CRITICAL
CVE: CVE-2007-1216
CERT: VU#419344

SUMMARY
=======

The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library. Under some error conditions, the krb5 GSS-API mechanism can free a buffer which an application may then free again. This may result in arbitrary code execution. Third-party applications using the GSS-API library provided with MIT krb5 may also be vulnerable.

Exploitation of double-free bugs is believed to be difficult.

This is a bug in the GSS-API library included with MIT krb5, which is used by kadmind and by some third-party applications. It is not a bug in the Kerberos protocol.

IMPACT
======

An authenticated user may be able to cause a host running kadmind to execute arbitrary code.

Successful exploitation can compromise the Kerberos key database and host security on the host running these programs. (kadmind and the KDC typically run as root.)

Unsuccessful exploitation attempts will likely result in the affected program crashing.

Third-party applications calling either the RPC library or the GSS-API library provided with MIT krb5 may be vulnerable.
AFFECTED SOFTWARE
=================

* kadmind from MIT releases krb5-1.4 through krb5-1.6

* third-party applications calling the RPC library included in MIT releases krb5-1.4 through krb5-1.6

* kadmind and third-party applications calling the RPC library in MIT releases earlier than krb5-1.4 may not be vulnerable because the RPCSEC_GSS authentication flavor was not implemented in those RPC libraries.

* third-party applications calling the GSS-API library included in any MIT krb5 releases, up to and including krb5-1.6, if the application handles GSS-API errors in a certain way

FIXES
=====

* The upcoming krb5-1.6.1 release will contain a fix for this vulnerability.

Prior to that release you may:

* apply the patch

Note that releases prior to krb5-1.3 will require a different patch due to an additional related vulnerability in the same file.

This patch is also available at

    http://web.mit.edu/kerberos/advisories/2007-003-patch.txt

A PGP-signed patch is available at

    http://web.mit.edu/kerberos/advisories/2007-003-patch.txt.asc

*** src/lib/gssapi/krb5/k5unseal.c (revision 19510) - --- src/lib/gssapi/krb5/k5unseal.c (revision 19511) *************** *** 457,464 **** if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { ! if (toktype == KG_TOK_SEAL_MSG) xfree(token.value); *minor_status = G_BAD_DIRECTION; return(GSS_S_BAD_SIG); } - --- 457,467 ---- if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { !
if (toktype == KG_TOK_SEAL_MSG) { xfree(token.value); + message_buffer->value = NULL; + message_buffer->length = 0; + } *minor_status = G_BAD_DIRECTION; return(GSS_S_BAD_SIG); }

REFERENCES
==========

This announcement is posted at:

    http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

    http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

    http://web.mit.edu/kerberos/index.html

CVE: CVE-2007-1216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216

CERT: VU#419344
http://www.kb.cert.org/vuls/id/419344

ACKNOWLEDGMENTS
===============

This bug was found while exercising the GSS-API library using the GSSTEST test program provided by SAP AG.

Shiva Persaud of IBM alerted us to an ambiguity in the wording of a draft of this advisory.

DETAILS
=======

The kg_unseal_v1() function in src/lib/gssapi/krb5/k5unseal.c frees memory allocated for the "message_buffer" gss_buffer_t when it detects an invalid direction encoding on the message. It does not set the pointer to NULL, nor does it set the length to zero. An application subsequently calling gss_release_buffer() on this gss_buffer_t will cause memory to be freed twice.

Much code provided with MIT krb5 does not attempt to call gss_release_buffer() when gss_unseal() or gss_unwrap() fails, even though the GSS-API C-bindings specification permits it to do so. The RPCSEC_GSS authentication flavor for the RPC library, introduced in krb5-1.4, does call gss_release_buffer() when gss_unwrap() fails. This allows an authenticated attacker to trigger a double-free situation.

Third-party applications calling the RPC library provided with MIT krb5 and using the RPCSEC_GSS authentication flavor are vulnerable. Third-party applications calling the MIT GSS-API library are vulnerable if they call gss_release_buffer() when they experience errors from gss_unseal() or gss_unwrap().
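Review bot: in the k5unseal.c hunk the memory being freed is `token.value` while the descriptor being cleared is `message_buffer`; the fix is complete only if `token.value` and `message_buffer->value` refer to the same allocation at this point, which the visible lines do not show. A comment stating that aliasing (or clearing `token` as well) would make the intent checkable, and it is worth confirming that no other early return in kg_unseal_v1() that frees `token.value` leaves `message_buffer` dangling in the same way, since the advisory notes a related vulnerability in this file for releases before krb5-1.3.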
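The ownership rule behind this advisory is worth seeing in isolation: when a library routine frees an output buffer on an error path, it must also reset the caller's descriptor (pointer to NULL, length to zero) so that a later release call is a no-op instead of a second free. The following is an added example, not MIT code and not the GSS-API; `out_buffer`, `unwrap_token`, `release_buffer` and `caller_pattern` are simplified stand-ins for gss_buffer_desc, gss_unwrap(), gss_release_buffer() and the RPCSEC_GSS caller described above, and the tokens are constructed.

```c
/* Added example (not MIT krb5 code): the clear-after-free pattern from
 * MITKRB5-SA-2007-003, with simplified stand-ins for the GSS-API types. */
#include <stdlib.h>
#include <string.h>

/* Stand-in for gss_buffer_desc: the caller owns the descriptor, the
 * library owns the allocation it points at until it hands it over. */
typedef struct {
    size_t length;
    void  *value;
} out_buffer;

enum { UNWRAP_OK = 0, UNWRAP_BAD_DIRECTION = 1, UNWRAP_NO_MEMORY = 2 };

/* Caller-side release in the spirit of gss_release_buffer(): safe after
 * either success or failure as long as the library left the descriptor
 * consistent. free(NULL) is a no-op by definition. */
void release_buffer(out_buffer *b)
{
    if (b == NULL)
        return;
    free(b->value);
    b->value = NULL;
    b->length = 0;
}

/* Simplified unwrap. token[0] is a direction byte (an initiator must see
 * 0xff, an acceptor 0), token[1..] is the payload. The direction check
 * after the allocation mirrors the failing branch in kg_unseal_v1(); the
 * two assignments after free() are what the advisory's patch adds. */
int unwrap_token(int initiator, const unsigned char *token, size_t tlen,
                 out_buffer *msg)
{
    unsigned char direction;

    msg->value = NULL;
    msg->length = 0;
    if (tlen < 1)
        return UNWRAP_BAD_DIRECTION;

    msg->length = tlen - 1;
    msg->value = malloc(msg->length ? msg->length : 1);
    if (msg->value == NULL) {
        msg->length = 0;
        return UNWRAP_NO_MEMORY;
    }
    memcpy(msg->value, token + 1, msg->length);

    direction = token[0];
    if ((initiator && direction != 0xff) || (!initiator && direction != 0)) {
        free(msg->value);
        msg->value = NULL;    /* without these two lines the caller's     */
        msg->length = 0;      /* release_buffer() below would free twice */
        return UNWRAP_BAD_DIRECTION;
    }
    return UNWRAP_OK;
}

/* The RPCSEC_GSS-style caller the advisory describes: it releases the
 * buffer whether or not unwrap succeeded. Returns the unwrap status. */
int caller_pattern(int initiator, const unsigned char *token, size_t tlen)
{
    out_buffer msg = { 0, NULL };
    int st = unwrap_token(initiator, token, tlen, &msg);
    release_buffer(&msg);     /* a no-op after the error path */
    return st;
}

/* Constructed tokens: direction 0x00 reaching an initiator is the error
 * case, 0xff the valid case. Both helpers return 1 on the expected result. */
int sample_error_path_clears(void)
{
    const unsigned char bad[] = { 0x00, 'h', 'i' };
    out_buffer msg = { 0, NULL };
    int st = unwrap_token(1, bad, sizeof bad, &msg);
    return st == UNWRAP_BAD_DIRECTION && msg.value == NULL && msg.length == 0;
}

int sample_good_token_ok(void)
{
    const unsigned char good[] = { 0xff, 'h', 'i' };
    out_buffer msg = { 0, NULL };
    int st = unwrap_token(1, good, sizeof good, &msg);
    int ok = st == UNWRAP_OK && msg.length == 2 &&
             memcmp(msg.value, "hi", 2) == 0;
    release_buffer(&msg);
    return ok;
}
```

Run under a memory checker, `caller_pattern()` on the bad token is clean only because of the two clearing assignments; remove them and the same call is the double free the advisory describes. The same discipline applies to any C API whose contract lets the caller release an output buffer after a failure.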
REVISION HISTORY
================

2007-04-03 original release

Copyright (C) 2007 Massachusetts Institute of Technology

From tlyu@MIT.EDU Tue Apr 3 19:22:54 2007
To: kerberos-announce@MIT.EDU
Subject: kfw-3.2-beta1 is available
From: Tom Yu
Date: Tue, 03 Apr 2007 19:22:49 -0400

The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the first beta release of MIT's Kerberos for Windows product, Version 3.2.

Please send bug reports and feedback to kfw-bugs@mit.edu.

What's New:
===========

* Network Identity Manager Application

  o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers.

  o A simplified default application view that shows only the status of the active identities.

  o A new command-line option to netidmgr.exe is available to shutdown a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate.

  o The use of ellipsis on menu items now follows the Windows Style Guide. Ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used.

  o Improved handling of window focus when opening and closing modal dialogs.
  o Reduce the number of alerts presented to the user by combining duplicates into a single alert.

  o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired.

  o Renew and Destroy menus provide "All" and "Individual identity names" as choices.

  o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity.

  o The "default" action of left clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page.

  o The alerter window can now display multiple alerts simultaneously.

  o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it.

  o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display that is configurable by the user to show details about each credential.

  o New Color Scheme derived from current Windows Desktop Color Scheme.

  o Improved display updating algorithms reduce flicker.

  o The proper icon sizes are now used in the information bubble and the status bar.

  o Plug-in Help can now be added to the Help menu.

* Network Identity Manager Kerberos v5 Support

  o Do not show cached prompts to user if they have expired.

  o Correct the possibility that a krb5_ccache handle might be freed twice.

  o Import settings from Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings.

  o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere.

  o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database.
  o Do not attempt to renew non-renewable identities.

  o Permit an identity to be configured as the default identity even if it doesn't have any credentials.

* Kerberos v5 Library Improvements

  o Based on MIT release 1.6+

  o On Vista MSLSA: krb5_ccache can be used to store tickets including TGTs for alternative principals to the LSA credential cache.

  o On Vista a more efficient interface for enumerating the contents of the LSA credential cache is available.

  o Vista support is only built if the Vista SDK version of NTSecAPI.H is used.

  o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys.

  o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache.

* Winsock Helper Library Improvements

  o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response, preventing a successful return. This resulted in "kinit -4" failing to find the KDCs.

* Integrated Logon Improvements

  o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista.

  o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon. The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up.
  o Obtained credentials are stored into an API credential cache whose name is API:

  o Add a debugging mode which when activated logs to the Windows Application Event Log.

      [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider]
      DWORD "Debug"

* Leash32 Library Changes

  o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library.

  o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present.

  o Remove all AFS functionality.

Supported Versions of Microsoft Windows
=======================================

This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher.

Microsoft Vista User Account Control (UAC)
==========================================

Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys.

Users are encouraged to login to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager.
Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:

    http://web.mit.edu/kerberos/dist/index.html

Acknowledgments
===============

Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management.

Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him.

For information on Secure Endpoints Inc.'s future plans for NIM please see

    http://www.secure-endpoints.com/netidmgr/roadmap.html

Important notice regarding Kerberos 4 support
=============================================

In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments.
Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing list. References [1] National Institute of Standards and Technology. 
Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

From tlyu@MIT.EDU Wed Apr 11 16:58:07 2007
To: kerberos-announce@MIT.EDU
Subject: kfw-3.2-beta1 is available - corrected MSI
From: Tom Yu
Date: Wed, 11 Apr 2007 16:58:02 -0400

This is a reposting because the MSI originally posted for kfw-3.2-beta1 was inadvertently copied from an older version. We have uploaded the correct kfw-3_2_0-beta1.msi file. One way to distinguish the files is by their size; the correct MSI file has a size of 8391k. The incorrect file had a size of 8400k.

========================================

The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the first beta release of MIT's Kerberos for Windows product, Version 3.2.

Please send bug reports and feedback to kfw-bugs@mit.edu.

What's New:
===========

* Network Identity Manager Application

  o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers.

  o A simplified default application view that shows only the status of the active identities.

  o A new command-line option to netidmgr.exe is available to shut down a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate.
  o The use of ellipsis on menu items now follows the Windows Style Guide. An ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used.

  o Improved handling of window focus when opening and closing modal dialogs.

  o Reduce the number of alerts presented to the user by combining duplicates into a single alert.

  o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired.

  o Renew and Destroy menus provide "All" and "Individual identity names" as choices.

  o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity.

  o The "default" action of left-clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page.

  o The alerter window can now display multiple alerts simultaneously.

  o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it.

  o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display, which is configurable by the user to show details about each credential.

  o New Color Scheme derived from the current Windows Desktop Color Scheme.

  o Improved display updating algorithms reduce flicker.

  o The proper icon sizes are now used in the information bubble and the status bar.

  o Plug-in Help can now be added to the Help menu.

* Network Identity Manager Kerberos v5 Support

  o Do not show cached prompts to the user if they have expired.

  o Correct the possibility that a krb5_ccache handle might be freed twice.
  o Import settings from the Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings.

  o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere.

  o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database.

  o Do not attempt to renew non-renewable identities.

  o Permit an identity to be configured as the default identity even if it doesn't have any credentials.

* Kerberos v5 Library Improvements

  o Based on MIT release 1.6+.

  o On Vista, the MSLSA: krb5_ccache can be used to store tickets, including TGTs for alternative principals, to the LSA credential cache.

  o On Vista, a more efficient interface for enumerating the contents of the LSA credential cache is available.

  o Vista support is only built if the Vista SDK version of NTSecAPI.H is used.

  o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys.

  o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache.

* Winsock Helper Library Improvements

  o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response, preventing a successful return. This resulted in "kinit -4" failing to find the KDCs.

* Integrated Logon Improvements

  o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista.
  o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon. The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up.

  o Obtained credentials are stored into an API credential cache whose name is API:

  o Add a debugging mode which, when activated, logs to the Windows Application Event Log.

      [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider]
      DWORD "Debug"

* Leash32 Library Changes

  o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be an integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library.

  o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present.

  o Remove all AFS functionality.

Supported Versions of Microsoft Windows
=======================================

This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher.

Microsoft Vista User Account Control (UAC)
==========================================

Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys.
Users are encouraged to log in to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager.

Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:

  http://web.mit.edu/kerberos/dist/index.html

Acknowledgments
===============

Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements, including the user-configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management.

Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM, please see

  http://www.secure-endpoints.com/netidmgr/roadmap.html
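The Leash32 change in the announcement above (ticket_lifetime and renew_lifetime are now parsed with krb5_string_to_deltat() instead of being read as unit-less minutes) silently changes what a bare number in the profile means: "600" used to be ten hours and is now ten minutes. The following is an added example, not MIT code: a Python reimplementation of the three documented krb5 duration forms (h:m[:s], NdNhNmNs, and a bare number of seconds), plus an audit of a constructed krb5.ini/krb5.conf fragment that reports each unit-less lifetime under both readings. The profile contents and the EXAMPLE.ORG realm are constructed, and the parser is an approximation of the library grammar, which also accepts variants not covered here.

```python
"""Added example (not MIT krb5 code): a Python reimplementation of the krb5
duration syntax accepted by krb5_string_to_deltat(), used to find profile
lifetime values whose meaning changed when Leash32 stopped reading them as
unit-less minutes.  It covers the three documented forms (h:m[:s], NdNhNmNs
and a bare number of seconds); the library also accepts variants not needed
here, so treat this as an approximation of the library's grammar."""
import re

# h:m or h:m:s, e.g. "36:00" (36 hours) or "1:30:15"
_HMS = re.compile(r"^(\d+):(\d{1,2})(?::(\d{1,2}))?$")
# NdNhNmNs with any component omitted, e.g. "7d", "8h30s", "10h"
_UNITS = re.compile(r"^(?:(\d+)d)?\s*(?:(\d+)h)?\s*(?:(\d+)m)?\s*(?:(\d+)s)?$")

# Profile tags that Leash32 reads as ticket lifetimes.
LIFETIME_TAGS = ("ticket_lifetime", "renew_lifetime")


def parse_duration(text: str) -> int:
    """Return the number of seconds a krb5 duration string denotes."""
    s = text.strip()
    if s.isdigit():
        # A bare number is a count of SECONDS in the library parser.
        return int(s)
    m = _HMS.match(s)
    if m:
        h, mi, se = (int(x) if x else 0 for x in m.groups())
        return h * 3600 + mi * 60 + se
    m = _UNITS.match(s)
    if m and any(m.groups()):
        d, h, mi, se = (int(x) if x else 0 for x in m.groups())
        return ((d * 24 + h) * 60 + mi) * 60 + se
    raise ValueError(f"not a krb5 duration: {text!r}")


def legacy_minutes(text: str) -> int:
    """Seconds under the old Leash32 reading: a unit-less integer number of
    minutes.  Anything else was not accepted by the old code."""
    s = text.strip()
    if not s.isdigit():
        raise ValueError(f"old Leash32 accepted only integer minutes: {text!r}")
    return int(s) * 60


def audit_profile(profile_text: str) -> dict:
    """Scan a krb5.ini/krb5.conf style profile and return, for every unit-less
    lifetime tag, {"section.tag": (old_seconds, new_seconds)}.  Only unit-less
    values change meaning silently; values with units or in h:m[:s] form were
    rejected outright by the old code, so they are not reported."""
    findings = {}
    section = None
    for raw in profile_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if "=" not in line:                       # e.g. a closing "}" brace
            continue
        tag, value = (part.strip() for part in line.split("=", 1))
        if tag in LIFETIME_TAGS and value.isdigit():
            findings[f"{section}.{tag}"] = (legacy_minutes(value),
                                            parse_duration(value))
    return findings


# Constructed sample profile; EXAMPLE.ORG is a placeholder realm.
SAMPLE_PROFILE = """\
[libdefaults]
    default_realm = EXAMPLE.ORG
    ticket_lifetime = 600        # old reading: 10 hours; new reading: 10 minutes
    renew_lifetime = 7d          # unit given: one week, unambiguous

[realms]
    EXAMPLE.ORG = {
        kdc = kdc.example.org
    }
"""

if __name__ == "__main__":
    for key, (old, new) in audit_profile(SAMPLE_PROFILE).items():
        print(f"{key}: was {old}s ({old // 3600}h), now {new}s ({new // 60}m)")
```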
From kpkoch@MIT.EDU Tue Apr 17 10:03:48 2007
From: "Kevin Koch"
Subject: Announcing the kfwdev mailing list
Date: Tue, 17 Apr 2007 10:03:50 -0400
Organization: IS&T ISDA

I have created a mailing list for discussion of Kerberos for Windows (KfW) issues. Anyone discussing Network Identity Manager (NIM) or KfW, or planning on contributing code to them, should subscribe. kfwdev is expected to be a subset of krbdev.
Kevin Koch
Lead Software Engineer, Kerberos for Windows
Information Services & Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue W92-140
Cambridge, MA 02139
Office: 617-324-8949
kpkoch@mit.edu

From tlyu@MIT.EDU Thu Apr 19 19:06:30 2007
To: kerberos-announce@MIT.EDU
Subject: krb5-1.5.3 is released
From: Tom Yu
Date: Thu, 19 Apr 2007 19:06:22 -0400

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.5.3. This is primarily a security update release. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.5.3
===================================

You may retrieve the Kerberos 5 Release 1.5.3 source from the following URL:

  http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.5.3 release is:

  http://web.mit.edu/kerberos/krb5-1.5/

Further information about Kerberos 5 may be found at the following URL:

  http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956, VU#220816]

* Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog [CVE-2007-0957, VU#704024]

* Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC library could perform a double-free due to a GSS-API library bug [CVE-2007-1216, VU#419344]

From tlyu@MIT.EDU Fri Apr 20 20:17:03 2007
To: kerberos-announce@MIT.EDU
Subject: krb5-1.6.1 is released
From: Tom Yu
Date: Fri, 20 Apr 2007 20:16:57 -0400

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.6.1. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.6.1
===================================

You may retrieve the Kerberos 5 Release 1.6.1 source from the following URL:

  http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.6.1 release is:

  http://web.mit.edu/kerberos/krb5-1.6/

Further information about Kerberos 5 may be found at the following URL:

  http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956, VU#220816]

* Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog [CVE-2007-0957, VU#704024]

* Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC library could perform a double-free due to a GSS-API library bug [CVE-2007-1216, VU#419344]

* Fix crash creating db2 database in non-existent directory.
From tlyu@MIT.EDU Tue Apr 24 17:12:28 2007
To: kerberos-announce@MIT.EDU
Subject: kfw-3.2-beta2 is available
From: Tom Yu
Date: Tue, 24 Apr 2007 17:12:22 -0400

The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the second beta release of MIT's Kerberos for Windows product, Version 3.2.

Please send bug reports and feedback to kfw-bugs@mit.edu.

What's New in KFW 3.2:
======================

* Network Identity Manager Application

  o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers.

  o A simplified default application view that shows only the status of the active identities.

  o A new command-line option to netidmgr.exe is available to shut down a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate.

  o The use of ellipsis on menu items now follows the Windows Style Guide. An ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used.

  o Improved handling of window focus when opening and closing modal dialogs.
  o Reduce the number of alerts presented to the user by combining duplicates into a single alert.

  o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired.

  o Renew and Destroy menus provide "All" and "Individual identity names" as choices.

  o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity.

  o The "default" action of left-clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page.

  o The alerter window can now display multiple alerts simultaneously.

  o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it.

  o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display, which is configurable by the user to show details about each credential.

  o New Color Scheme derived from the current Windows Desktop Color Scheme.

  o Improved display updating algorithms reduce flicker.

  o The proper icon sizes are now used in the information bubble and the status bar.

  o Task Bar buttons are created for visible windows and dialogs.

  o Plug-in Help can now be added to the Help menu.

  o Improved HtmlHelp user documentation with Indexing.

  o Improved HtmlHelp developer documentation with Indexing.

  o Improved PDF user documentation.

* Network Identity Manager Kerberos v5 Support

  o Do not show cached prompts to the user if they have expired.

  o Correct the possibility that a krb5_ccache handle might be freed twice.

  o Import settings from the Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings.
  o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere.

  o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database.

  o Do not attempt to renew non-renewable identities.

  o Permit an identity to be configured as the default identity even if it doesn't have any credentials.

* Kerberos v5 Library Improvements

  o Based on MIT release 1.6+.

  o On Vista, the MSLSA: krb5_ccache can be used to store tickets, including TGTs for alternative principals, to the LSA credential cache.

  o On Vista, a more efficient interface for enumerating the contents of the LSA credential cache is available.

  o Vista support is only built if the Vista SDK version of NTSecAPI.H is used.

  o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys.

  o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache.

* Winsock Helper Library Improvements

  o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response, preventing a successful return. This resulted in "kinit -4" failing to find the KDCs.

* Integrated Logon Improvements

  o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista.

  o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon.
    The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up.

  o Obtained credentials are stored into an API credential cache whose name is API:

  o Add a debugging mode which, when activated, logs to the Windows Application Event Log.

      [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider]
      DWORD "Debug"

* Leash32 Library Changes

  o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be an integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library.

  o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present.

  o Remove all AFS functionality.

Changes since Beta 1
====================

(1) Updated HtmlHelp user documentation with basic indexing.

(2) Updated PDF user documentation.

(3) Fix the Kerberos v4 configuration panel in the Obtain New Credentials dialog so that it works even if the global use Kerberos v4 flag says not to.

(4) Initialize the default identity from existing credentials if there has never been a default identity specified before.

(5) Renew identities that are imported from MSLSA by importing if and only if the user did not manually obtain credentials for the same identity later on.

(6) When renewing an identity that was imported from the MSLSA, if the credentials are expired (or otherwise not useful), initialize the MSLSA ccache and try again.
(7) Improvements in hot spot handling.

(8) Improvements in Advanced view column sort order handling.

(9) Add a Taskbar button to the main window and the obtain new credentials and change password dialogs.

(10) Add a vertical scrollbar to the realm list in the Obtain New Credentials and Change Password dialogs.

(11) File Version information was missing from a number of the Kerberos utility commands.

(12) The NIM About dialog could not be closed via Alt-F4.

(13) The Integrated Logon Event Log name was changed to "MIT Kerberos". Logging of failure to find the "Debug" registry value was removed. Use case-insensitive tests for the Windows Station to ensure that the "interactive" state can be properly determined on Vista. Clean up orphaned cache files (older than five minutes). Properly find the kfwcpcc.exe executable.

(14) Significantly improved Network Identity Manager Developer documentation.

Supported Versions of Microsoft Windows
=======================================

This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher.

Microsoft Vista User Account Control (UAC)
==========================================

Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys.

Users are encouraged to log in to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager.
Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:

    http://web.mit.edu/kerberos/dist/index.html

Acknowledgments
===============

Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management.

Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM please see

    http://www.secure-endpoints.com/netidmgr/roadmap.html

A special thanks to Kevin Koch, the newest member of the MIT Kerberos team, for his work on the automated build scripts used to produce this release.

Important notice regarding Kerberos 4 support
=============================================

In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure.
Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos.

Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos.

The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos.

The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end.

We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement.
If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing list.

References

[1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Thu Apr 26 16:30:48 2007
To: kerberos-announce@MIT.EDU
Subject: kfw-3.2-beta3 is available 
From: Tom Yu
Date: Thu, 26 Apr 2007 16:30:42 -0400
Lines: 319
Reply-To: kerberos@mit.edu
List-Id: "Kerberos announcements (moderated)"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the third beta release of MIT's Kerberos for Windows product, Version 3.2.

Please send bug reports and feedback to kfw-bugs@mit.edu.

What's New in KFW 3.2:
======================

  * Network Identity Manager Application

    o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers.
    o A simplified default application view that shows only the status of the active identities.
    o A new command-line option to netidmgr.exe is available to shut down a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate.
    o The use of ellipsis on menu items now follows the Windows Style Guide. An ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used.
    o Improved handling of window focus when opening and closing modal dialogs.
    o Reduce the number of alerts presented to the user by combining duplicates into a single alert.
    o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired.
    o Renew and Destroy menus provide "All" and "Individual identity names" as choices.
    o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity.
    o The "default" action of left clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page.
    o The alerter window can now display multiple alerts simultaneously.
    o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it.
    o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display that is configurable by the user to show details about each credential.
    o New Color Scheme derived from current Windows Desktop Color Scheme.
    o Improved display updating algorithms reduce flicker
    o The proper icon sizes are now used in the information bubble and the status bar.
    o Task Bar buttons are created for visible windows and dialogs
    o Plug-in Help can now be added to the Help menu
    o Improved HtmlHelp user documentation with Indexing
    o Improved HtmlHelp developer documentation with Indexing
    o Improved PDF user documentation

  * Network Identity Manager Kerberos v5 Support

    o Do not show cached prompts to user if they have expired
    o Correct the possibility that a krb5_ccache handle might be freed twice.
    o Import settings from Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings.
    o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere.
    o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database.
    o Do not attempt to renew non-renewable identities
    o Permit an identity to be configured as the default identity even if it doesn't have any credentials.

  * Kerberos v5 Library Improvements

    o Based on MIT release 1.6+
    o On Vista MSLSA: krb5_ccache can be used to store tickets including TGTs for alternative principals to the LSA credential cache
    o On Vista a more efficient interface for enumerating the contents of the LSA credential cache is available.
    o Vista support is only built if the Vista SDK version of NTSecAPI.H is used.
    o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys.
    o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache.

  * Winsock Helper Library Improvements

    o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response, preventing a successful return. This resulted in "kinit -4" failing to find the KDCs.

  * Integrated Logon Improvements

    o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista.
    o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon.
      The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up.
    o Obtained credentials are stored into an API credential cache whose name is API:
    o Add a debugging mode which when activated logs to the Windows Application Event Log.

        [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider]
        DWORD "Debug"

  * Leash32 Library Changes

    o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be an integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library.
    o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present.
    o Remove all AFS functionality.

Changes since Beta 2
====================

(1) A race condition in krb5_get_creds_from_kdc_opt(), resulting in a memory access error, was fixed. It could be triggered if two service tickets are being obtained simultaneously via a cross-realm path of three or more realms and if the KDC rejects requests with the canonicalize flag (MIT Kerberos v5 releases older than 1.3.2).

(2) The profile library, when storing a profile from memory to a file, failed to double quote the null string value on the right hand side of an entry. This would result in a profile file that could not be parsed.

Changes since Beta 1
====================

(1) Updated HtmlHelp user documentation with basic indexing

(2) Updated PDF user documentation

(3) Fix the Kerberos v4 configuration panel in the Obtain New Credentials dialog so that it works even if the global use Kerberos v4 flag says not to.
(4) Initialize the default identity from existing credentials if there has never been a default identity specified before

(5) Renew identities that are imported from MSLSA by importing if and only if the user did not manually obtain credentials for the same identity later on.

(6) When renewing an identity that was imported from the MSLSA, if the credentials are expired (or otherwise not useful) initialize the MSLSA ccache and try again.

(7) Improvements in hot spot handling

(8) Improvements in Advanced view column sort order handling

(9) Add a Taskbar button to the main window and the obtain new credentials and change password dialogs

(10) Add a vertical scrollbar to the realm list in the Obtain New Credentials and Change Password dialogs

(11) File Version information was missing from a number of the Kerberos utility commands.

(12) The NIM About dialog could not be closed via Alt-F4

(13) The Integrated Logon Event Log name was changed to "MIT Kerberos". Logging of failure to find the "Debug" registry value was removed. Use case-insensitive tests for the Windows Station to ensure that the "interactive" state can be properly determined on Vista. Clean up orphaned cache files (older than five minutes). Properly find the kfwcpcc.exe executable.

(14) Significantly improved Network Identity Manager Developer documentation.

Supported Versions of Microsoft Windows
=======================================

This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher.

Microsoft Vista User Account Control (UAC)
==========================================

Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys.
Users are encouraged to log in to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager.

Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:

    http://web.mit.edu/kerberos/dist/index.html

Acknowledgments
===============

Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management.

Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM please see

    http://www.secure-endpoints.com/netidmgr/roadmap.html

A special thanks to Kevin Koch, the newest member of the MIT Kerberos team, for his work on the automated build scripts used to produce this release.

Important notice regarding Kerberos 4 support
=============================================

In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol.
The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos.

Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos.

The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos.

The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end.
We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement.

If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing list.

References

[1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004.
    http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)
-----END PGP SIGNATURE-----

From tlyu@MIT.EDU Thu May 3 18:00:05 2007
To: kerberos-announce@MIT.EDU
Subject: Kerberos for Windows 3.2 is released
From: Tom Yu
Date: Thu, 03 May 2007 17:59:59 -0400
Lines: 329
Reply-To: kerberos@mit.edu
List-Id: "Kerberos announcements (moderated)"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the release of MIT's Kerberos for Windows product, Version 3.2.

Supported Versions of Microsoft Windows
=======================================

This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher. There is no native 64-bit library support in this release.

Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web site:

    http://web.mit.edu/kerberos/dist/index.html

What's New in KFW 3.2:
======================

  * Network Identity Manager Application

    o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers.
    o A simplified default application view that shows only the status of the active identities.
    o A new command-line option to netidmgr.exe is available to shut down a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate.
    o The use of ellipsis on menu items now follows the Windows Style Guide. An ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used.
    o Improved handling of window focus when opening and closing modal dialogs.
    o Reduce the number of alerts presented to the user by combining duplicates into a single alert.
    o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired.
    o Renew and Destroy menus provide "All" and "Individual identity names" as choices.
    o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity.
    o The "default" action of left clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page.
    o The alerter window can now display multiple alerts simultaneously.
    o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it.
    o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display that is configurable by the user to show details about each credential.
    o New Color Scheme derived from current Windows Desktop Color Scheme.
    o Improved display updating algorithms reduce flicker
    o The proper icon sizes are now used in the information bubble and the status bar.
    o Task Bar buttons are created for visible windows and dialogs
    o Plug-in Help can now be added to the Help menu
    o Improved HtmlHelp user documentation with Indexing
    o Improved HtmlHelp developer documentation with Indexing
    o Improved PDF user documentation

  * Network Identity Manager Kerberos v5 Support

    o Do not show cached prompts to user if they have expired
    o Correct the possibility that a krb5_ccache handle might be freed twice.
    o Import settings from Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings.
    o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere.
    o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database.
    o Do not attempt to renew non-renewable identities
    o Permit an identity to be configured as the default identity even if it doesn't have any credentials.

  * Kerberos v5 Library Improvements

    o Based on MIT release 1.6+
    o On Vista MSLSA: krb5_ccache can be used to store tickets including TGTs for alternative principals to the LSA credential cache
    o On Vista a more efficient interface for enumerating the contents of the LSA credential cache is available.
    o Vista support is only built if the Vista SDK version of NTSecAPI.H is used.
    o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys.
    o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache.
  * Winsock Helper Library Improvements

    o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response, preventing a successful return. This resulted in "kinit -4" failing to find the KDCs.

  * Integrated Logon Improvements

    o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista.
    o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon. The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up.
    o Obtained credentials are stored into an API credential cache whose name is API:
    o Add a debugging mode which when activated logs to the Windows Application Event Log.

        [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider]
        DWORD "Debug"

  * Leash32 Library Changes

    o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be an integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library.
    o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present.
    o Remove all AFS functionality.
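The Leash32 lifetime-parsing change above, as an added illustration that is not code from KFW or the krb5 library: parse_deltat() (a hypothetical name) is a simplified re-implementation of the duration grammar krb5_string_to_deltat() accepts, placed next to parse_minutes_legacy() (also hypothetical), a model of the integer-minutes reading the notes say the leash functions used before. Run on constructed ticket_lifetime values, it shows why the two readings disagree: a bare "600" is 600 minutes under the old rule but 600 seconds under the deltat grammar, and unit-bearing values such as "10h" or "1d" did not parse at all before.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example (not KFW or krb5 code): simplified re-implementation of
 * the duration grammar accepted by krb5_string_to_deltat().  Forms handled:
 *   "36000"      bare number, plain seconds
 *   "1d2h3m4s"   day/hour/minute/second units, any subset, in that order
 *   "10:00"      hours:minutes
 *   "10:00:30"   hours:minutes:seconds
 * Returns the duration in seconds, or -1 on a parse error.
 */
long parse_deltat(const char *s)
{
    long total = 0;
    const char *p = s;

    if (s == NULL || *s == '\0')
        return -1;

    /* h:m[:s] form */
    if (strchr(s, ':') != NULL) {
        long h, m, sec = 0;
        int n = sscanf(s, "%ld:%ld:%ld", &h, &m, &sec);
        if (n < 2 || h < 0 || m < 0 || m > 59 || sec < 0 || sec > 59)
            return -1;
        return h * 3600 + m * 60 + sec;
    }

    /* units form: digits followed by an optional unit letter, repeated */
    while (*p != '\0') {
        char *end;
        long v;

        if (!isdigit((unsigned char)*p))
            return -1;                      /* each field starts with digits */
        v = strtol(p, &end, 10);
        switch (*end) {
        case 'd':  total += v * 86400; end++; break;
        case 'h':  total += v * 3600;  end++; break;
        case 'm':  total += v * 60;    end++; break;
        case 's':  total += v;         end++; break;
        case '\0': total += v;                break;  /* bare number: seconds */
        default:   return -1;                         /* unknown unit letter */
        }
        p = end;
    }
    return total;
}

/*
 * Model of the pre-3.2 leash behaviour the release notes describe: the
 * profile field was taken as a plain integer count of minutes, with no
 * unit handling.  Returns seconds, or -1 if the string is not an integer.
 */
long parse_minutes_legacy(const char *s)
{
    char *end;
    long v;

    if (s == NULL || !isdigit((unsigned char)*s))
        return -1;
    v = strtol(s, &end, 10);
    if (*end != '\0')
        return -1;
    return v * 60;
}

int main(void)
{
    /* Constructed sample ticket_lifetime values, as they might appear in a
     * [libdefaults] section of krb5.ini; -1 in a column means "rejected". */
    const char *samples[] = { "600", "36000", "10h", "1d", "10:00",
                              "1d2h3m4s", "bogus" };
    size_t i;

    printf("%-10s %12s %12s\n", "value", "legacy (s)", "deltat (s)");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-10s %12ld %12ld\n", samples[i],
               parse_minutes_legacy(samples[i]), parse_deltat(samples[i]));
    return 0;
}
```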
Microsoft Vista User Account Control (UAC) Restrictions
=======================================================

Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys. Users are encouraged to log in to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager.

Acknowledgments
===============

Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management.

Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM please see

    http://www.secure-endpoints.com/netidmgr/roadmap.html

A special thanks to Kevin Koch, the newest member of the MIT Kerberos team, for his work on the automated build scripts used to produce this release.

Important notice regarding Kerberos 4 support in MIT Kerberos
=============================================================

In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful life.
DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos.

Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos.

The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos.
The MIT Kerberos Team has ended active development of Kerberos 4, except
for the eventual removal of all Kerberos 4 functionality. We will continue
to provide critical security fixes for Kerberos 4, but routine bug fixes
and feature enhancements are at an end.

** The MIT Kerberos Team has decided that the MIT Kerberos for
** Windows 3.x release series will be the last versions to contain
** Kerberos 4 support. Beginning with the 4.0 release, MIT Kerberos for
** Windows will be Kerberos 5 only. At that time MIT will repackage
** the existing Kerberos 4 libraries in a stand-alone installer for
** those organizations that require continued use of Kerberos 4.
** MIT KFW 4.0 is targeted for release during the first quarter of
** 2008.

We recommend that any sites which have not already done so begin a
migration to Kerberos 5. Kerberos 5 provides significant advantages over
Kerberos 4, including support for strong encryption, extensibility,
improved cross-vendor interoperability, and ongoing development and
enhancement. If you have questions or issues regarding migration to
Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing
list.

References

[1] National Institute of Standards and Technology. Announcing Approval
    of the Withdrawal of Federal Information Processing Standard (FIPS)
    43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for
    Implementing and Using the NBS Data Encryption Standard; and FIPS 81,
    DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908,
    19 May 2005. DOCID:fr19my05-45

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated
    Encryption: Kerberos Version 4. In Proceedings of the Network and
    Distributed Systems Security Symposium. The Internet Society,
    February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf

Changes since Beta 3
====================

(1) The krb5 API functions krb5_get_init_creds_password and
    krb5_get_init_creds_keytab permit the krb5_get_init_creds_opt pointer
    to be NULL.
    This case was not handled properly.

Changes since Beta 2
====================

(1) A race condition in krb5_get_creds_from_kdc_opt() resulting in a
    memory access error was fixed. It could be triggered if two service
    tickets are being obtained simultaneously via a cross-realm path of
    three or more realms and if the KDC rejects requests with the
    canonicalize flag (MIT Kerberos v5 releases older than 1.3.2).

(2) The profile library, when storing a profile from memory to a file,
    failed to double-quote the null string value on the right-hand side
    of an entry. This would result in a profile file that could not be
    parsed.

Changes since Beta 1
====================

(1) Updated HtmlHelp user documentation with basic indexing.
(2) Updated PDF user documentation.
(3) Fix the Kerberos v4 configuration panel in the Obtain New Credentials
    dialog so that it works even if the global "use Kerberos v4" flag says
    not to.
(4) Initialize the default identity from existing credentials if there
    has never been a default identity specified before.
(5) Renew identities that are imported from MSLSA by importing if and
    only if the user did not manually obtain credentials for the same
    identity later on.
(6) When renewing an identity that was imported from the MSLSA, if the
    credentials are expired (or otherwise not useful), initialize the
    MSLSA ccache and try again.
(7) Improvements in hot spot handling.
(8) Improvements in Advanced view column sort order handling.
(9) Add a Taskbar button to the main window and the Obtain New
    Credentials and Change Password dialogs.
(10) Add a vertical scrollbar to the realm list in the Obtain New
     Credentials and Change Password dialogs.
(11) File Version information was missing from a number of the Kerberos
     utility commands.
(12) The NIM About dialog could not be closed via Alt-F4.
(13) The Integrated Logon Event Log name was changed to "MIT Kerberos".
     Logging of failure to find the "Debug" registry value was removed.
     Use case-insensitive tests for the Windows Station to ensure that the
     "interactive" state can be properly determined on Vista. Clean up
     orphaned cache files (older than five minutes). Properly find the
     kfwcpcc.exe executable.
(14) Significantly improved Network Identity Manager developer
     documentation.

From tlyu@MIT.EDU Tue Jun 26 14:01:23 2007
To: kerberos-announce@MIT.EDU
Subject: MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities
From: Tom Yu
Date: Tue, 26 Jun 2007 14:01:21 -0400

MIT krb5 Security Advisory 2007-004

Original release: 2007-06-26
Last update: 2007-06-26

Topic: kadmind affected by multiple RPC library vulnerabilities
Severity: CRITICAL

CVE: CVE-2007-2442
CERT: VU#356961

CVE: CVE-2007-2443
CERT: VU#365313

SUMMARY
=======

The MIT krb5 Kerberos administration daemon (kadmind) is affected by
multiple vulnerabilities in the RPC library shipped with MIT krb5.

CVE-2007-2442/VU#356961: The RPC library can free an uninitialized
pointer. This may lead to execution of arbitrary code.

CVE-2007-2443/VU#365313: The RPC library can write past the end of a
stack buffer. This may (but is unlikely to) lead to execution of
arbitrary code.

Third-party applications using the RPC library provided with MIT krb5 may
also be vulnerable. Other RPC libraries derived from SunRPC may be
vulnerable to CVE-2007-2443.

Exploitation of these vulnerabilities is believed to be difficult. (See
DETAILS.) Proof-of-concept exploits which do not cause execution of
unintended code exist but are not known to be publicly circulated.

This is a bug in the RPC library included with MIT krb5, which is used by
kadmind and by some third-party applications. It is not a bug in the
Kerberos protocol.

IMPACT
======

An unauthenticated remote user may be able to cause a host running
kadmind to execute arbitrary code. CVE-2007-2442 is more likely to lead
to arbitrary code execution than CVE-2007-2443.
Successful exploitation can compromise the Kerberos key database and host
security on the host running these programs. (kadmind typically runs as
root.)

Unsuccessful exploitation attempts will likely result in the affected
program crashing.

Third-party applications calling the RPC library provided with MIT krb5
may be vulnerable. Other RPC libraries derived from SunRPC may be
vulnerable.

AFFECTED SOFTWARE
=================

* kadmind from MIT releases up to and including krb5-1.6.1

* third-party applications calling the RPC library included in MIT
  releases up to and including krb5-1.6.1

FIXES
=====

* The upcoming krb5-1.6.2 release, as well as the upcoming krb5-1.5.4
  maintenance release, will contain fixes for this vulnerability.

Prior to that release you may:

* apply the patch

This patch is also available at
http://web.mit.edu/kerberos/advisories/2007-004-patch.txt

A PGP-signed patch is available at
http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc

*** src/lib/rpc/svc_auth_gssapi.c (revision 20015) - --- src/lib/rpc/svc_auth_gssapi.c (local) *************** *** 149,154 **** - --- 149,156 ---- rqst->rq_xprt->xp_auth = &svc_auth_none; memset((char *) &call_res, 0, sizeof(call_res)); + creds.client_handle.length = 0; + creds.client_handle.value = NULL; cred = &msg->rm_call.cb_cred; verf = &msg->rm_call.cb_verf; *** src/lib/rpc/svc_auth_unix.c (revision 20015) - --- src/lib/rpc/svc_auth_unix.c (local) *************** *** 64,71 **** char area_machname[MAX_MACHINE_NAME+1]; int area_gids[NGRPS]; } *area; ! u_int auth_len; ! int str_len, gid_len; register int i; rqst->rq_xprt->xp_auth = &svc_auth_none; - --- 64,70 ---- char area_machname[MAX_MACHINE_NAME+1]; int area_gids[NGRPS]; } *area; ! u_int auth_len, str_len, gid_len; register int i; rqst->rq_xprt->xp_auth = &svc_auth_none; *************** *** 74,80 **** aup = &area->area_aup; aup->aup_machname = area->area_machname; aup->aup_gids = area->area_gids; !
auth_len = (u_int)msg->rm_call.cb_cred.oa_length; xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); buf = XDR_INLINE(&xdrs, (int)auth_len); if (buf != NULL) { - --- 73,81 ---- aup = &area->area_aup; aup->aup_machname = area->area_machname; aup->aup_gids = area->area_gids; ! auth_len = msg->rm_call.cb_cred.oa_length; ! if (auth_len > INT_MAX) ! return AUTH_BADCRED; xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); buf = XDR_INLINE(&xdrs, (int)auth_len); if (buf != NULL) { *************** *** 84,90 **** stat = AUTH_BADCRED; goto done; } ! memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len); aup->aup_machname[str_len] = 0; str_len = RNDUP(str_len); buf += str_len / BYTES_PER_XDR_UNIT; - --- 85,91 ---- stat = AUTH_BADCRED; goto done; } ! memmove(aup->aup_machname, buf, str_len); aup->aup_machname[str_len] = 0; str_len = RNDUP(str_len); buf += str_len / BYTES_PER_XDR_UNIT; *************** *** 104,110 **** * timestamp, hostname len (0), uid, gid, and gids len (0). */ if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { ! (void) printf("bad auth_len gid %d str %d auth %d\n", gid_len, str_len, auth_len); stat = AUTH_BADCRED; goto done; - --- 105,111 ---- * timestamp, hostname len (0), uid, gid, and gids len (0). */ if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { ! 
(void) printf("bad auth_len gid %u str %u auth %u\n", gid_len, str_len, auth_len); stat = AUTH_BADCRED; goto done;

REFERENCES
==========

This announcement is posted at:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:
http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:
http://web.mit.edu/kerberos/index.html

CVE: CVE-2007-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442

CVE: CVE-2007-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443

CERT: VU#356961
http://www.kb.cert.org/vuls/id/356961

CERT: VU#365313
http://www.kb.cert.org/vuls/id/365313

ACKNOWLEDGMENTS
===============

We thank McAfee, Inc. for the initial notification. Wei Wang of McAfee
Avert Labs discovered these vulnerabilities.

DETAILS
=======

CVE-2007-2442:

The function gssrpc__svcauth_gssapi() in src/lib/rpc/svc_auth_gssapi.c
declares an automatic variable "creds" of type auth_gssapi_creds. This
type includes a gss_buffer_desc (which includes a pointer to void used as
a pointer to a buffer of bytes). If gssrpc__svcauth_gssapi() receives an
RPC credential with a length of zero, it jumps to the label "error",
which executes some cleanup code. At this point, the gss_buffer_desc in
"creds" is not yet initialized, and the cleanup code calls xdr_free() on
"creds", which then attempts to free the memory pointed to by the
uninitialized "value" member of the gss_buffer_desc.

Exploitation of freeing of invalid pointers is believed to be difficult,
and depends on a variety of factors specific to a given malloc
implementation.

CVE-2007-2443:

The function gssrpc__svcauth_unix() in src/lib/rpc/svc_auth_unix.c stores
an unsigned integer obtained from IXDR_GET_U_LONG into a signed integer
variable "str_len".
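Review bot: in the svc_auth_gssapi.c hunk (149,154) the added `creds.client_handle.length = 0; creds.client_handle.value = NULL;` initializes only one member of `creds` before the first possible jump to `error`, so the cleanup's xdr_free() is now safe for client_handle, but any other pointer-bearing member of auth_gssapi_creds that xdr_free() walks would still be uninitialized on that path. A `memset(&creds, 0, sizeof(creds))` beside the existing `memset((char *) &call_res, 0, sizeof(call_res));` would cover the whole structure and stays correct if the type later grows.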
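Review bot: changing `! int str_len, gid_len;` to `! u_int auth_len, str_len, gid_len;` in the svc_auth_unix.c declaration hunk (64,71) is the part that closes CVE-2007-2443: the MAX_MACHINE_NAME comparison and `memmove(aup->aup_machname, buf, str_len)` now see the unsigned value the XDR decoder produced, so a length of 2^31 or more is rejected instead of passing as a negative. One thing to confirm outside the diff: `gid_len` now enters `(5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len` as unsigned arithmetic, which wraps silently for very large values, so the bound on gid_len against NGRPS must be checked before that expression is evaluated.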
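Review bot: the new `! if (auth_len > INT_MAX) ! return AUTH_BADCRED;` in the 74,80 hunk guards the `(int)auth_len` cast passed to XDR_INLINE, but the diff adds no `#include <limits.h>` for INT_MAX; confirm the file already includes it. Returning directly rather than through `stat = AUTH_BADCRED; goto done;` is fine only because the check sits before xdrmem_create(); if it is ever moved after that call it will need the goto form so the XDR stream is torn down like the other rejection paths.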
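Review bot: switching the format in the 104,110 hunk to `%u` for `gid_len`, `str_len` and `auth_len` matches their new unsigned types; the old `%d` conversions would have printed the wrapped values as negatives, which is exactly how this class of bug hides in logs. Style point: a diagnostic written with printf() to stdout from inside a library authentication routine is easy to lose and interleaves with application output; routing it through the library's logging path would make a rejected-credential event visible to whoever is monitoring kadmind.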
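The sign-conversion length check described under DETAILS for CVE-2007-2443, reduced to its decision logic and set beside a hardened decoder for the same field, as an added example that is not MIT's code: the constant names follow the SunRPC-derived source, while the credential layout (one big-endian XDR length word followed by the hostname bytes), the sample inputs and the helper names xdr_get_u32, build_cred, decode_sample and last_name are constructed for illustration.

```c
/*
 * Added example (not MIT code): the signed/unsigned length mix-up behind
 * CVE-2007-2443, beside a hardened decoder for the same field.  Constant
 * names mirror the SunRPC-derived code; the credential layout and all
 * sample inputs are constructed for illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MACHINE_NAME   255   /* stack buffer is MAX_MACHINE_NAME + 1 */
#define BYTES_PER_XDR_UNIT 4

/* Decode one big-endian 32-bit XDR unsigned integer. */
static uint32_t xdr_get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * The flawed check, reduced to its decision: the u32 length lands in a
 * signed int, so any value >= 2^31 becomes negative on two's-complement
 * targets and passes "< MAX_MACHINE_NAME".  Returns 1 if the check would
 * accept the length.  No copy is performed here.
 */
int flawed_len_check_accepts(uint32_t raw_len)
{
    int str_len = (int)raw_len;
    return str_len < MAX_MACHINE_NAME;
}

/*
 * Hardened decoder: keep the length unsigned, bound it by the destination
 * size, and require the claimed bytes to actually be present in the input.
 * Returns the name length on success or -1 for a bad credential.
 */
int hardened_copy_machname(const unsigned char *cred, size_t cred_len,
                           char out[MAX_MACHINE_NAME + 1])
{
    uint32_t str_len;

    if (cred_len < BYTES_PER_XDR_UNIT)
        return -1;                       /* no length word at all */
    str_len = xdr_get_u32(cred);
    if (str_len >= MAX_MACHINE_NAME)     /* unsigned compare: 0xFFFFFFF0 fails */
        return -1;
    if (str_len > cred_len - BYTES_PER_XDR_UNIT)
        return -1;                       /* claims more bytes than received */
    memcpy(out, cred + BYTES_PER_XDR_UNIT, str_len);
    out[str_len] = '\0';
    return (int)str_len;
}

/* Build a constructed credential: a claimed length word plus name bytes. */
size_t build_cred(unsigned char *buf, size_t buf_size,
                  uint32_t claimed_len, const char *name)
{
    size_t n = strlen(name);

    if (buf_size < BYTES_PER_XDR_UNIT + n)
        return 0;
    buf[0] = (unsigned char)(claimed_len >> 24);
    buf[1] = (unsigned char)(claimed_len >> 16);
    buf[2] = (unsigned char)(claimed_len >> 8);
    buf[3] = (unsigned char)claimed_len;
    memcpy(buf + BYTES_PER_XDR_UNIT, name, n);
    return BYTES_PER_XDR_UNIT + n;
}

/* Run the hardened decoder on a constructed credential; see last_name(). */
static char g_last_name[MAX_MACHINE_NAME + 1];

int decode_sample(uint32_t claimed_len, const char *name)
{
    unsigned char cred[BYTES_PER_XDR_UNIT + MAX_MACHINE_NAME];
    size_t n = build_cred(cred, sizeof cred, claimed_len, name);

    g_last_name[0] = '\0';
    if (n == 0)
        return -1;
    return hardened_copy_machname(cred, n, g_last_name);
}

const char *last_name(void) { return g_last_name; }

int main(void)
{
    printf("flawed check accepts 0xFFFFFFF0: %d\n",
           flawed_len_check_accepts(0xFFFFFFF0u));
    printf("hardened, same length word: %d\n",
           decode_sample(0xFFFFFFF0u, "host1"));
    printf("hardened, honest length 5: %d (%s)\n",
           decode_sample(5u, "host1"), last_name());
    printf("hardened, length 9 but 5 bytes present: %d\n",
           decode_sample(9u, "host1"));
    return 0;
}
```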
Subsequently, it checks that "str_len" is less than MAX_MACHINE_NAME,
which will always be true if "str_len" is negative, which can happen when
a large unsigned integer is converted to a signed integer. Once the length
check succeeds, gssrpc__svcauth_unix() calls memmove() with a length of
"str_len" with the target in a stack buffer.

This vulnerability is believed to be difficult to exploit because the
memmove() implementation receives a very large number (a negative integer
converted to a large unsigned value), which will almost certainly cause
some sort of memory access fault prior to returning. This probably avoids
any usage of the corrupted return address in the overwritten stack frame.
Note that some (perhaps unlikely) memmove() implementations may call other
procedures and thus may be vulnerable to corrupted return addresses.

REVISION HISTORY
================

2007-06-26 original release

Copyright (C) 2007 Massachusetts Institute of Technology

From tlyu@MIT.EDU Tue Jun 26 14:01:29 2007
To: kerberos-announce@MIT.EDU
Subject: MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
From: Tom Yu
Date: Tue, 26 Jun 2007 14:01:27 -0400

MIT krb5 Security Advisory 2007-005

Original release: 2007-06-26
Last update: 2007-06-26

Topic: kadmind vulnerable to buffer overflow
Severity: CRITICAL

CVE: CVE-2007-2798
CERT: VU#554257

SUMMARY
=======

The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a
stack buffer overflow. Exploitation of overflows of stack buffers is
known to be simple. We have received a proof-of-concept exploit which may
invoke a shell, but we believe that this exploit is not publicly
circulated.

This is a bug in kadmind in MIT krb5. It is not a bug in the Kerberos
protocol.

IMPACT
======

An authenticated remote user may be able to cause a host running kadmind
to execute arbitrary code.

Successful exploitation can compromise the Kerberos key database and host
security on the KDC host. (kadmind typically runs as root.)

Unsuccessful exploitation attempts will likely result in kadmind
crashing.

AFFECTED SOFTWARE
=================

* kadmind from MIT releases up to and including krb5-1.6.1

FIXES
=====

* The upcoming krb5-1.6.2 release, as well as the upcoming krb5-1.5.4
  maintenance release, will contain fixes for this vulnerability.

Prior to that release you may:

* apply the patch

This patch has the patch in MITKRB5-SA-2007-002 as a prerequisite. The
krb5-1.6.1 and krb5-1.5.3 releases already contain the prerequisite
patch.
This patch is also available at http://web.mit.edu/kerberos/advisories/2007-005-patch.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2007-005-patch.txt.asc *** src/kadmin/server/server_stubs.c (revision 20024) - --- src/kadmin/server/server_stubs.c (local) *************** *** 545,557 **** static generic_ret ret; char *prime_arg1, *prime_arg2; - - char prime_arg[BUFSIZ]; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; char *errmsg; xdr_free(xdr_generic_ret, &ret); - --- 545,558 ---- static generic_ret ret; char *prime_arg1, *prime_arg2; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; char *errmsg; + size_t tlen1, tlen2, clen, slen; + char *tdots1, *tdots2, *cdots, *sdots; xdr_free(xdr_generic_ret, &ret); *************** *** 572,578 **** ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } ! sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2); ret.code = KADM5_OK; if (! CHANGEPW_SERVICE(rqstp)) { - --- 573,586 ---- ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } ! tlen1 = strlen(prime_arg1); ! trunc_name(&tlen1, &tdots1); ! tlen2 = strlen(prime_arg2); ! trunc_name(&tlen2, &tdots2); ! clen = client_name.length; ! trunc_name(&clen, &cdots); ! slen = service_name.length; ! trunc_name(&slen, &sdots); ret.code = KADM5_OK; if (! CHANGEPW_SERVICE(rqstp)) { *************** *** 590,597 **** } else ret.code = KADM5_AUTH_INSUFFICIENT; if (ret.code != KADM5_OK) { ! log_unauth("kadm5_rename_principal", prime_arg, ! &client_name, &service_name, rqstp); } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); - --- 598,612 ---- } else ret.code = KADM5_AUTH_INSUFFICIENT; if (ret.code != KADM5_OK) { ! krb5_klog_syslog(LOG_NOTICE, ! "Unauthorized request: kadm5_rename_principal, " ! "%.*s%s to %.*s%s, " ! "client=%.*s%s, service=%.*s%s, addr=%s", ! tlen1, prime_arg1, tdots1, ! 
tlen2, prime_arg2, tdots2, ! clen, client_name.value, cdots, ! slen, service_name.value, sdots, ! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); *************** *** 600,607 **** else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); ! log_done("kadm5_rename_principal", prime_arg, errmsg, ! &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg1); - --- 615,629 ---- else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); ! krb5_klog_syslog(LOG_NOTICE, ! "Request: kadm5_rename_principal, " ! "%.*s%s to %.*s%s, %s, " ! "client=%.*s%s, service=%.*s%s, addr=%s", ! tlen1, prime_arg1, tdots1, ! tlen2, prime_arg2, tdots2, errmsg, ! clen, client_name.value, cdots, ! slen, service_name.value, sdots, ! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); } free_server_handle(handle); free(prime_arg1);

REFERENCES
==========

This announcement is posted at:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:
http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:
http://web.mit.edu/kerberos/index.html

CVE: CVE-2007-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798

CERT: VU#554257
http://www.kb.cert.org/vuls/id/554257

ACKNOWLEDGMENTS
===============

We thank iDefense for the initial notification. iDefense credits an
anonymous discoverer.

DETAILS
=======

The kadmind code which performs the principal renaming operation passes
unchecked string arguments to a sprintf() call which has a fixed-size
stack buffer as its destination. These strings are the old and new
principal names passed to the rename operation.
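Review bot: removing `- - char prime_arg[BUFSIZ];` in the 545,557 hunk rather than enlarging the buffer is the right shape of fix, since no fixed size is safe against a caller-chosen principal name; the follow-up to check is that no other reference to `prime_arg` survives in the function, because the 590,597 and 600,607 hunks replace the two visible uses and only the compiler will catch a third.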
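Review bot: `trunc_name()` is not defined anywhere in this diff, so the 572,578 hunk can only be reviewed against the prerequisite MITKRB5-SA-2007-002 patch the advisory mentions. The contract it needs is that `tlen1`, `tlen2`, `clen` and `slen` come back small enough to serve as the `int` precision of `%.*s`, because they are declared `size_t` and are passed to krb5_klog_syslog() without a cast; either cast to `(int)` at the call sites or document the bound trunc_name() guarantees.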
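Review bot: in the 600,607 hunk `client_name.value` and `service_name.value` are passed to `%.*s`; a gss_buffer_desc value is a `void *` with no NUL terminator guaranteed, so the `clen`/`slen` precision is the only thing bounding the read and must not be dropped in a later edit. Also `inet_ntoa()` returns a static buffer, which is fine with one call per krb5_klog_syslog() as written but would break if a second address were ever added to the same format.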
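The fixed-buffer sprintf() described under DETAILS, measured against its BUFSIZ destination and set beside the bounded `%.*s` formatting the fix moves to, as an added example that is not MIT's code: trunc_name() here is a hypothetical stand-in for the helper the patch calls (the real one comes from the prerequisite patch, which the advisory does not show), and NAME_LIMIT, LONG_NAME_LEN and the sample principal names are constructed.

```c
/*
 * Added example (not MIT code): the unbounded sprintf() pattern behind
 * CVE-2007-2798 measured against a char[BUFSIZ] stack buffer, beside the
 * bounded "%.*s" formatting the fix uses.  trunc_name() is a hypothetical
 * stand-in for the helper the patch calls; NAME_LIMIT and the long names
 * are constructed for illustration.
 */
#include <stdio.h>
#include <string.h>

#define NAME_LIMIT    500    /* constructed cap on a logged name */
#define LONG_NAME_LEN 6000   /* constructed caller-chosen name length */

/* Cap a length for logging; *dots becomes "..." when something was cut. */
static void trunc_name(size_t *len, const char **dots)
{
    if (*len > NAME_LIMIT) {
        *len = NAME_LIMIT;
        *dots = "...";
    } else {
        *dots = "";
    }
}

/* Bytes the original sprintf(prime_arg, "%s to %s", a, b) would write. */
size_t rename_msg_needed(const char *src, const char *dst)
{
    return strlen(src) + strlen(" to ") + strlen(dst) + 1;   /* + NUL */
}

/* 1 if that write would run past a char[BUFSIZ] destination. */
int rename_msg_overflows(const char *src, const char *dst)
{
    return rename_msg_needed(src, dst) > BUFSIZ;
}

/*
 * Bounded replacement: precision-limited %.*s for each name plus an
 * explicit destination size.  Returns snprintf()'s result, i.e. the
 * length the full message would have had.
 */
int format_rename_bounded(char *out, size_t out_size,
                          const char *src, const char *dst)
{
    size_t l1 = strlen(src), l2 = strlen(dst);
    const char *d1, *d2;

    trunc_name(&l1, &d1);
    trunc_name(&l2, &d2);
    return snprintf(out, out_size,
                    "Request: kadm5_rename_principal, %.*s%s to %.*s%s",
                    (int)l1, src, d1, (int)l2, dst, d2);
}

/* Constructed worst case: two LONG_NAME_LEN-character principal names. */
static char g_src[LONG_NAME_LEN + 1], g_dst[LONG_NAME_LEN + 1];
static char g_out[2048];

static void make_long_names(void)
{
    memset(g_src, 'a', LONG_NAME_LEN); g_src[LONG_NAME_LEN] = '\0';
    memset(g_dst, 'b', LONG_NAME_LEN); g_dst[LONG_NAME_LEN] = '\0';
}

int demo_unbounded_overflows(void)
{
    make_long_names();
    return rename_msg_overflows(g_src, g_dst);
}

/* Length of the bounded message for the worst case: 33 + 503 + 4 + 503. */
int demo_bounded_length(void)
{
    make_long_names();
    format_rename_bounded(g_out, sizeof g_out, g_src, g_dst);
    return (int)strlen(g_out);
}

const char *demo_bounded_message(void)
{
    demo_bounded_length();
    return g_out;
}

int main(void)
{
    printf("sprintf into char[BUFSIZ=%d] would overflow: %d\n",
           (int)BUFSIZ, demo_unbounded_overflows());
    printf("bounded message length: %d\n", demo_bounded_length());
    printf("%.60s...\n", demo_bounded_message());
    return 0;
}
```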
The attacker needs to authenticate to kadmind to perform this attack, but
no administrative privileges are required because the vulnerable code
executes prior to privilege verification.

REVISION HISTORY
================

2007-06-26 original release

Copyright (C) 2007 Massachusetts Institute of Technology

From tlyu@MIT.EDU Tue Jul 10 22:59:52 2007
To: kerberos-announce@MIT.EDU
Subject: krb5-1.6.2 is released
From: Tom Yu
Date: Tue, 10 Jul 2007 22:59:46 -0400

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.6.2. Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.6.2
===================================

You may retrieve the Kerberos 5 Release 1.6.2 source from the following
URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.6.2 release is:

http://web.mit.edu/kerberos/krb5-1.6/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* fix MITKRB5-SA-2007-004: kadmind affected by multiple RPC library
  vulnerabilities [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]

* fix MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
  [CVE-2007-2798/VU#554257]

From tlyu@MIT.EDU Tue Jul 10 23:00:05 2007
To: kerberos-announce@MIT.EDU
Subject: krb5-1.5.4 is released
From: Tom Yu
Date: Tue, 10 Jul 2007 22:59:54 -0400

The MIT Kerberos Team announces the availability of MIT Kerberos 5
Release 1.5.4. Please see below for a list of some major changes
included, or consult the README file in the source tree for a more
detailed list of significant changes.

This is a security fix release.

Note that the krb5-1.5.x release series is in maintenance, meaning that
only critical bugs (including security vulnerabilities) will be fixed.
Please use a release from the krb5-1.6.x series if possible.
RETRIEVING KERBEROS 5 RELEASE 1.5.4
===================================

You may retrieve the Kerberos 5 Release 1.5.4 source from the following
URL:

http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.5.4 release is:

http://web.mit.edu/kerberos/krb5-1.6/

Further information about Kerberos 5 may be found at the following URL:

http://web.mit.edu/kerberos/

MAJOR CHANGES
=============

* fix MITKRB5-SA-2007-004: kadmind affected by multiple RPC library
  vulnerabilities [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]

* fix MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
  [CVE-2007-2798/VU#554257]

From tlyu@MIT.EDU Thu Aug 16 18:31:43 2007
To: kerberos-announce@MIT.EDU
Subject: Kerberos for Windows 3.2.1 is released
From: Tom Yu
Date: Thu, 16 Aug 2007 18:31:37 -0400

The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to
announce the release of MIT's Kerberos for Windows product, Version 3.2.1.

Please send bug reports and feedback to kfw-bugs@mit.edu.

Supported Versions of Microsoft Windows
=======================================

This release requires 32-bit editions of Microsoft Windows 2000 and
higher or the WOW64 environment of 64-bit editions of Microsoft Windows
XP and higher.

Downloads
=========

Binaries and source code can be downloaded from the MIT Kerberos web
site:

http://web.mit.edu/kerberos/dist/index.html

What's New in KFW 3.2.1:
========================

* Network Identity Manager Application

  o The default identity background color has been removed.
  o The Basic view updates to reflect deleted and modified identities.
  o The watermark can be controlled by a registry setting.

* Kerberos v5 Library Improvements

  o Based on krb5-1.6.2

What's New in KFW 3.2:
======================

* Network Identity Manager Application

  o A simplified basic mode has been added to the "obtain new
    credentials dialog". The basic mode replaces the credential browser
    with a button that can be used to access the advanced configuration
    functions.
    This advanced mode provides the credential browser and a tabbed view
    of the configuration dialogs for each of the available credential
    providers.
  o A simplified default application view that shows only the status of
    the active identities.
  o A new command-line option to netidmgr.exe is available to shut down a
    running instance of Network Identity Manager. Specify "-x" or
    "--exit" to force the existing instance to terminate.
  o The use of ellipsis on menu items now follows the Windows Style
    Guide. An ellipsis is only used when additional information is
    required from the user before carrying out the designated action. If
    displaying a dialog is the action, no ellipsis is used.
  o Improved handling of window focus when opening and closing modal
    dialogs.
  o Reduce the number of alerts presented to the user by combining
    duplicates into a single alert.
  o Do not generate alerts if there is nothing that the user can do to
    correct the situation. Alerts that are displayed provide actions the
    user can take if desired.
  o Renew and Destroy menus provide "All" and "Individual identity names"
    as choices.
  o The Renew and Destroy toolbar buttons provide dropdown menus
    permitting the action to be applied to either "All" or one specific
    identity.
  o The "default" action of left clicking the notification icon is now
    configurable. The default configuration is "open/close NIM window".
    The alternate is to open the new credentials dialog. This can be
    specified by the user on the General Op