From tlyu at MIT.EDU Wed Jul 14 18:03:10 2004
From: tlyu at MIT.EDU (Tom Yu)
Date: Wed Jul 14 17:04:49 2004
Subject: MIT Kerberos for Windows 2.6.4 is released

The MIT Kerberos Team announces the availability of MIT Kerberos for Windows 2.6.4. The distribution packages and Release Notes are available from the download link on the MIT Kerberos distribution page,

    http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is

    http://web.mit.edu/kerberos/

MIT Kerberos for Windows 2.6.4 is a bug fix release containing the following changes:

* Solve problem in MSLSA: ccache which would result in premature process termination on non-English versions of Windows if Kerberos credentials were not available from LSA credential manager.

* Apply automatic import restrictions from the MSLSA credentials cache to the GSSAPI acquire credentials when necessary code.

* Kerberos 5 library updated to release 1.3.4. See the Kerberos 5 README file for details of the changes in the Kerberos 5 version 1.3.4 distribution.

* The Microsoft LSA Cache since its release has suffered from two deficiencies: (1) the KERB_EXTERNAL_TICKET does not provide a field containing the Client Principal's Realm; and (2) the LSA will not cache tickets if either a specific set of ticket flags or encryption types are specified. Microsoft will soon be making available via PSS a fix for Windows XP and Windows 2003 which will allow KFW to properly determine the Client Principal's Realm for all tickets in the LSA cache and instruct the LSA to cache all tickets obtained via the MSLSA: krb5_ccache interface. KFW 2.6.4 Beta 2 contains the code necessary to recognize that the fix has been installed and do the right thing to take advantage of this new (corrected) functionality.

* a minor fix to the SDK

* a change to the installer to support XP SP2 compatibility

* a fix to the MSLSA to further reduce the number of queries sent to the KDC

* Installer modified to create Terminal Server application compatibility registry entries

* leash extended dialog functions corrected to properly implement forward compatibility

MIT requests that all organizations which are distributing Kerberos for Windows update to this release.

From tlyu at MIT.EDU Tue Aug 31 15:29:57 2004
From: tlyu at MIT.EDU (Tom Yu)
Date: Tue Aug 31 14:32:32 2004
Subject: MITKRB5-SA-2004-002: double-free vulnerabilities

                 MIT krb5 Security Advisory 2004-002

Original release: 2004-08-31

Topic: double-free vulnerabilities in KDC and libraries

Severity: CRITICAL

SUMMARY
=======

The MIT Kerberos 5 implementation's Key Distribution Center (KDC) program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC. Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable.

Exploitation of double-free bugs is believed to be difficult. No exploits are known to exist for these vulnerabilities.

IMPACT
======

* An unauthenticated remote attacker can potentially execute arbitrary code on a KDC host, compromising an entire Kerberos realm. [CAN-2004-0642]

* A remote attacker can potentially execute arbitrary code on a host running krb524d, possibly compromising an entire Kerberos realm if the host is a KDC host. [CAN-2004-0772]

* An authenticated attacker can also potentially execute arbitrary code on hosts running vulnerable services. [CAN-2004-0643]

* An attacker impersonating a legitimate KDC or application server can potentially execute arbitrary code on a client host while the client is authenticating. [CAN-2004-0642]

AFFECTED SOFTWARE
=================

* KDC software from all releases of MIT Kerberos 5 up to and including krb5-1.3.4. [CAN-2004-0642]

* The krb524d program from krb5-1.2.8 and later. The krb524d present in earlier releases is vulnerable if it has been patched to disable krb4 cross-realm functionality. [CAN-2004-0772]

* Applications calling the krb5_rd_cred() function in releases prior to krb5-1.3.2. Such applications in the MIT krb5 releases include the remote login daemons (krshd, klogind, and telnetd) and the FTP daemon. The krb5_rd_cred() function decrypts and decodes forwarded Kerberos credentials. Third-party applications calling this function directly or indirectly (by means of the GSSAPI or other libraries) are vulnerable. [CAN-2004-0643]

* Client code from all releases of MIT Kerberos 5 up to and including krb5-1.3.4. Third-party applications directly or indirectly calling client library functions may also be vulnerable. [CAN-2004-0642]

FIXES
=====

* The upcoming krb5-1.3.5 release will contain fixes for these problems.

* Apply the appropriate patch or patches referenced below, and rebuild the software.

  - If you are running krb5-1.3 through krb5-1.3.4, apply 2004-002-patch_1.3.4.txt.

  - If you are running krb5-1.3 through krb5-1.3.1, apply 2004-002-patch_1.3.1.txt.

  - If you are running krb5-1.2.8, apply 2004-002-patch_1.2.8.txt.

  - Things become more complicated if you are running krb5-1.2 through krb5-1.2.7. The correct set of patches to apply will depend on whether you have applied the patches to disable krb4 cross-realm functionality [MITKRB5-SA-2003-004].

    + If you are running krb5-1.2.6 through krb5-1.2.7, and have applied the patches to disable krb4 cross-realm functionality, apply 2004-002-patch_1.2.8.txt.

    + If you are running krb5-1.2 through krb5-1.2.5, and have applied the patches to disable krb4 cross-realm functionality, apply 2004-002-patch_1.2.7.txt, followed by 2004-002-k524d_patch_1.2.5.txt.

    + If you are running krb5-1.2 through krb5-1.2.7, and have not applied the patches to disable krb4 cross-realm functionality, apply 2004-002-patch_1.2.7.txt.

Summary chart of patches to apply for releases krb5-1.2 through krb5-1.2.7:

           | patched for 2003-004           | not patched for 2003-004
-----------+--------------------------------+--------------------------
krb5-1.2.7 |                                |
-----------+ 2004-002-patch_1.2.8.txt       |
krb5-1.2.6 |                                |
-----------+--------------------------------+ 2004-002-patch_1.2.7.txt
krb5-1.2.5 | 2004-002-patch_1.2.7.txt       |
 through   | and                            |
krb5-1.2   | 2004-002-k524d_patch_1.2.5.txt |

Patches available:

* Patch for krb5-1.3.4 (2004-002-patch_1.3.4.txt)

* Patch for krb5-1.3.1 (2004-002-patch_1.3.1.txt)

* Patch for krb5-1.2.8 (2004-002-patch_1.2.8.txt)

* Patch for krb5-1.2.7 (2004-002-patch_1.2.7.txt)

* Patch for krb524d in krb5-1.2.5 which has been previously patched to disable krb4 cross-realm (2004-002-k524d_patch_1.2.5.txt)

Note: Each patch is generated against the specific release noted above. The patches may apply with some offset against other compatible releases listed above.

2004-002-patch_1.3.4.txt
========================

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.4.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.4.txt.asc

2004-002-patch_1.3.1.txt
========================

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.1.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.3.1.txt.asc

2004-002-patch_1.2.8.txt
========================

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.8.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-patch_128.txt.asc

2004-002-patch_1.2.7.txt
========================

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt.asc

2004-002-k524d_patch_1.2.5.txt
==============================

http://web.mit.edu/kerberos/advisories/2004-002-k524d_patch_1.2.5.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-002-k524d_patch_1.2.5.txt.asc

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CERT VU#795632
http://www.kb.cert.org/vuls/id/795632

CVE CAN-2004-0642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0642

KDC and client libraries double-free on error conditions in MIT Kerberos 5 releases krb5-1.3.4 and earlier, allowing unauthenticated remote attackers to execute arbitrary code

CERT VU#866472
http://www.kb.cert.org/vuls/id/866472

CVE CAN-2004-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0643

krb5_rd_cred() double-frees on error conditions in MIT Kerberos 5 releases krb5-1.3.1 and earlier, allowing authenticated attackers to execute arbitrary code

VU#350792
http://www.kb.cert.org/vuls/id/350792

CVE CAN-2004-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0772

krb524d in krb5-1.2.8 and later double-frees on error conditions, allowing remote attackers to execute arbitrary code. Earlier releases patched for the krb4 protocol vulnerability [MITKRB5-SA-2003-004] are also vulnerable.

ACKNOWLEDGMENTS
===============

Thanks to Will Fiveash and Nico Williams at Sun for finding some of these vulnerabilities and for providing initial patches.

Thanks to Marc Horowitz for discovering the krb524d vulnerability.

Thanks to Nalin Dahyabhai for providing a corrected patch for krb524d in releases krb5-1.2 through krb5-1.2.5 in cases where krb524d has been patched to disable krb4 cross-realm functionality.

Thanks to Joseph Galbraith and John Hawkinson, who both independently discovered the double-free in krb5_rd_cred() which was corrected in release krb5-1.3.2.

DETAILS
=======

In the MIT krb5 library, in all releases up to and including krb5-1.3.4, ASN.1 decoder functions and their callers do not use a consistent set of memory management conventions. The callers expect the decoders to allocate memory. The callers typically have error-handling code which frees memory allocated by the ASN.1 decoders if pointers to the allocated memory are non-null. Upon encountering error conditions, the ASN.1 decoders themselves free memory which they have allocated, but do not null the corresponding pointers. When some library functions receive errors from the ASN.1 decoders, they attempt to pass the non-null pointer (which points to freed memory) to free(), causing a double-free.

In all releases of MIT krb5 up to and including krb5-1.3.4, cleanup code in the KDC frees memory returned by ASN.1 decoders. This cleanup code only frees memory pointed to by non-null pointers, but if an ASN.1 decoder returns an error, the cleanup code will free memory previously freed by the decoder.
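The decoder/caller ownership mismatch described above, as an added C model that is not MIT krb5 code: the krb_msg_t type, the wire format, decode_msg() and ASN1_BAD_ID are hypothetical, and a bookkeeping free() stands in for the allocator so the second release is counted instead of corrupting the heap. The decoder shows the pre-fix error path (free, leave the caller's pointer dangling) beside the fixed one (free, then null the pointer) so the KDC-style "free if non-null" cleanup can be run against both.

```c
/* Added illustration of the ownership mismatch in MITKRB5-SA-2004-002.
 * Constructed example, not MIT krb5 code; the message type, decoder and
 * error code are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ASN1_OK     0
#define ASN1_BAD_ID 1   /* hypothetical decoder error */
typedef struct { size_t len; unsigned char body[8]; } krb_msg_t;

/* free() with bookkeeping: a second release of a block is counted, not
 * performed, so the defect is observable without corrupting the heap. */
static uintptr_t g_released[16];
static int g_released_n, g_double_frees;
static void tracked_free(void *p)
{
    if (p == NULL) return;
    for (int i = 0; i < g_released_n; i++)
        if (g_released[i] == (uintptr_t)p) { g_double_frees++; return; }
    if (g_released_n < 16) g_released[g_released_n++] = (uintptr_t)p;
    free(p);
}

/* Constructed wire format: [0x30][len][len payload bytes]. */
static int parse_body(const unsigned char *in, size_t inlen, krb_msg_t *m)
{
    if (inlen < 2 || in[0] != 0x30 || in[1] > sizeof m->body || in[1] + 2u != inlen)
        return ASN1_BAD_ID;
    m->len = in[1];
    memcpy(m->body, in + 2, m->len);
    return ASN1_OK;
}

/* Decoder showing both error-path conventions. Pre-fix (fixed == 0): free the
 * allocation but leave *out pointing at the released block. Fixed: also null
 * *out, so the caller's "free if non-null" cleanup cannot release it again. */
static int decode_msg(const unsigned char *in, size_t inlen, krb_msg_t **out, int fixed)
{
    if ((*out = calloc(1, sizeof **out)) == NULL) return ENOMEM;
    int rc = parse_body(in, inlen, *out);
    if (rc != ASN1_OK) {
        tracked_free(*out);
        if (fixed) *out = NULL;                  /* the one-line difference */
    }
    return rc;
}

/* Caller modelled on the KDC cleanup path: decode a malformed message, then
 * free whatever is non-null. Returns the number of double frees attempted. */
static int double_frees_on_error_path(int fixed)
{
    static const unsigned char bad[] = { 0x31, 0x02, 0xAA, 0xBB }; /* constructed: wrong tag */
    krb_msg_t *msg = NULL;
    g_released_n = 0; g_double_frees = 0;
    (void)decode_msg(bad, sizeof bad, &msg, fixed);
    if (msg != NULL) tracked_free(msg);          /* caller's error cleanup */
    return g_double_frees;
}
```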
Implementations of krb5_rd_cred() prior to the krb5-1.3.2 release contained code to explicitly free the buffer returned by the ASN.1 decoder function decode_krb5_enc_cred_part() when the decoder returns an error. This is another double-free, since the decoder would itself free the buffer on error. Since decode_krb5_enc_cred_part() does not get called unless the decryption of the encrypted part of the KRB-CRED is successful, the attacker needs to have authenticated. This code was corrected in the krb5-1.3.2 release.

The patch (introduced in krb5-1.2.8 and present in all subsequent releases) for disabling krb4 cross-realm authentication in krb524d introduced a double-free vulnerability. If handle_classic_v4() denies the conversion of a cross-realm ticket, v5tkt->enc_part2 gets freed but not nulled, so do_connection() double-frees many things when it subsequently calls krb5_free_ticket().

REVISION HISTORY
================

2004-08-31 original release

Copyright (C) 2004 Massachusetts Institute of Technology

From tlyu at MIT.EDU Tue Aug 31 15:30:03 2004
From: tlyu at MIT.EDU (Tom Yu)
Date: Tue Aug 31 14:32:33 2004
Subject: MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service

                 MIT krb5 Security Advisory 2004-003

Original release: 2004-08-31

Topic: ASN.1 decoder denial of service

Severity: serious

SUMMARY
=======

The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.

IMPACT
======

* An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop. [CAN-2004-0644]

* An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop. [CAN-2004-0644]

AFFECTED SOFTWARE
=================

* KDC software and applications from MIT Kerberos 5 releases krb5-1.2.2 through krb5-1.3.4.

* Applications using the MIT krb5 libraries from the above releases.

FIXES
=====

* The upcoming krb5-1.3.5 release will contain fixes for these problems.

* Apply the appropriate patch referenced below, and rebuild the software.

Patches available:

* Patch against krb5-1.3.4 (should apply to earlier krb5-1.3.x releases)

* Patch against krb5-1.2.8 (should apply to releases krb5-1.2.2 through krb5-1.2.7 as well)

PATCH AGAINST krb5-1.3.4
========================

* This patch was generated against krb5-1.3.4; it may apply, with some offset, to earlier krb5-1.3.x releases.

This patch may also be found at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt.asc

Index: src/lib/krb5/asn.1/asn1buf.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v
retrieving revision 5.24
*** src/lib/krb5/asn.1/asn1buf.c    12 Mar 2003 04:33:30 -0000    5.24
- --- src/lib/krb5/asn.1/asn1buf.c    23 Aug 2004 03:43:47 -0000
***************
*** 122,127 ****
- --- 122,129 ----
      return ASN1_OVERRUN;
    }
    while (nestlevel > 0) {
+     if (buf->bound - buf->next + 1 <= 0)
+       return ASN1_OVERRUN;
      retval = asn1_get_tag_2(buf, &t);
      if (retval) return retval;
      if (!t.indef) {

PATCH AGAINST krb5-1.2.8
========================

* This patch was generated against krb5-1.2.8; it may apply, with some offset, to releases krb5-1.2.2 through krb5-1.2.7. You are strongly encouraged to update to a release from the krb5-1.3.x series.
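Review bot: in the krb5-1.3.4 hunk above, the new check `if (buf->bound - buf->next + 1 <= 0)` only covers the end-of-subbuffer case; the DETAILS section names a second trigger, the placeholder tag that the prefetch code supplies when a sub-encoding has no octets left, and nothing in the hunk tests for that tag. If the placeholder is only ever produced when no octets remain, the guard subsumes it, but that dependency deserves a comment next to the check so a later change to the prefetch code does not silently reopen the loop. A named remaining-octets helper would also read more clearly than the raw pointer arithmetic repeated at the loop head.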
This patch may also be found at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.2.8.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.2.8.txt.asc

Index: src/lib/krb5/asn.1/asn1buf.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/lib/krb5/asn.1/asn1buf.c,v
retrieving revision 5.19.2.1
diff -c -r5.19.2.1 asn1buf.c
*** src/lib/krb5/asn.1/asn1buf.c    31 Jan 2001 18:00:12 -0000    5.19.2.1
- --- src/lib/krb5/asn.1/asn1buf.c    23 Aug 2004 03:54:50 -0000
***************
*** 140,145 ****
- --- 140,147 ----
      return ASN1_OVERRUN;
    }
    while (nestlevel > 0) {
+     if (buf->bound - buf->next + 1 <= 0)
+       return ASN1_OVERRUN;
      retval = asn1_get_tag_indef(buf, &class, &construction, &tagnum, &taglen, &tagindef);
      if (retval) return retval;

REFERENCES
==========

This announcement and related security advisories may be found on the MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CERT VU#550464
http://www.kb.cert.org/vuls/id/550464

CVE CAN-2004-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0644

ASN.1 decoder bug in MIT Kerberos 5 releases krb5-1.2.2 through krb5-1.3.4 allows unauthenticated remote attackers to induce infinite loop, causing denial of service, including in KDC code

ACKNOWLEDGMENTS
===============

Thanks to Will Fiveash and Nico Williams at Sun for finding this vulnerability.

DETAILS
=======

The ASN.1 decoder in the MIT krb5 library handles indefinite-length BER encodings for the purpose of backwards compatibility with some non-conformant implementations. The ASN.1 decoders call asn1buf_sync() to skip any trailing unrecognized fields in the encoding of a SEQUENCE type. asn1buf_sync() calls asn1buf_skiptail() if the ASN.1 SEQUENCE type being decoded was encoded with an indefinite length.
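Review bot: the krb5-1.2.8 hunk above adds the same `if (buf->bound - buf->next + 1 <= 0)` guard as the krb5-1.3.4 hunk, but here it protects asn1_get_tag_indef(), which fills six separate out-parameters rather than one tag struct; worth confirming that this older reader also fails cleanly on a tag truncated after the guard passes (one octet left, length octet missing), since the guard alone only rules out the zero-octets-remaining case. A brief comment above the check saying why it terminates the indefinite-length skip loop would help whoever applies this patch with offset to krb5-1.2.2 through krb5-1.2.7, as the introductory bullet invites.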
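The asn1buf_skiptail() loop this DETAILS section describes, as an added C model that is not MIT krb5 code: the next/bound buffer layout follows the remaining-octets expression in the patched check, while get_tag(), its placeholder-tag behaviour on an empty buffer and the DEMO_SPIN code are assumptions made for the demonstration. It shows the unguarded loop making no progress on an indefinite-length encoding truncated before its end-of-contents octets, and the guarded loop returning ASN1_OVERRUN on the same input.

```c
/* Added illustration of the skip loop fixed in MITKRB5-SA-2004-003.
 * Constructed example, not MIT krb5 code: the buffer layout (next/bound
 * pointers, bound inclusive) follows the patch's remaining-octets
 * expression; helper names and the DEMO_SPIN code are hypothetical. */
#include <stddef.h>

#define ASN1_OK      0
#define ASN1_OVERRUN 1
#define DEMO_SPIN    2   /* demo-only: the unguarded loop made no progress */

typedef struct { const unsigned char *next, *bound; } asn1buf;
static long remaining(const asn1buf *b) { return b->bound - b->next + 1; }

/* Reads a tag and a short-form length (0x80 = indefinite). Models the
 * prefetch behaviour the advisory describes: with no octets left it hands
 * back a placeholder tag rather than an error. */
static int get_tag(asn1buf *b, unsigned char *tag, int *indef, size_t *len)
{
    if (remaining(b) <= 0) { *tag = 0xFF; *indef = 0; *len = 0; return ASN1_OK; }
    if (remaining(b) < 2) return ASN1_OVERRUN;
    *tag = *b->next++;
    unsigned char l = *b->next++;
    *indef = (l == 0x80);
    *len = *indef ? 0 : l;
    return ASN1_OK;
}

/* Skips to the end-of-contents octets (00 00) that close an indefinite-length
 * value, tracking nested indefinite-length values. With guarded == 0 the loop
 * is the pre-patch shape: on an encoding truncated before its EOC the
 * placeholder tag consumes nothing and the loop never ends. */
static int skip_indefinite_tail(asn1buf *b, int guarded)
{
    int nestlevel = 1, idle = 0;
    while (nestlevel > 0) {
        if (guarded && remaining(b) <= 0) return ASN1_OVERRUN;  /* the patch's check */
        const unsigned char *before = b->next;
        unsigned char tag; int indef; size_t len;
        int rc = get_tag(b, &tag, &indef, &len);
        if (rc) return rc;
        if (indef) nestlevel++;                             /* nested indefinite value */
        else if (tag == 0x00 && len == 0) nestlevel--;      /* end-of-contents octets */
        else if ((size_t)remaining(b) < len) return ASN1_OVERRUN;
        else b->next += len;                                /* skip a definite-length value */
        if (b->next == before && ++idle > 64) return DEMO_SPIN; /* demo-only hang breaker */
    }
    return ASN1_OK;
}

/* Runs the skip loop over a constructed buffer and reports its result. */
static int skip_result(const unsigned char *enc, size_t n, int guarded)
{
    asn1buf b = { enc, enc + n - 1 };           /* bound is the last valid octet */
    return skip_indefinite_tail(&b, guarded);
}

/* Constructed inputs: contents of an indefinite-length SEQUENCE holding an
 * INTEGER 5 and a nested indefinite SEQUENCE with an empty OCTET STRING. */
static const unsigned char complete_enc[]  = {0x02,0x01,0x05, 0x30,0x80, 0x04,0x00, 0x00,0x00, 0x00,0x00};
static const unsigned char truncated_enc[] = {0x02,0x01,0x05, 0x30,0x80, 0x04,0x00, 0x00,0x00}; /* final EOC missing */
```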
asn1buf_sync() is provided with a prefetched BER tag; a placeholder tag is provided by the prefetching code in the case where there are no more octets in a sub-encoding. The loop in asn1buf_skiptail() which attempts to skip trailing sub-encodings of an indefinite-length SEQUENCE type does not properly check for end-of-subbuffer conditions or for the placeholder tag, leading to an infinite loop. Valid BER encodings cannot cause this condition; however, it is trivial to construct a corrupt encoding which will trigger the infinite loop.

REVISION HISTORY
================

2004-08-31 original release

Copyright (C) 2004 Massachusetts Institute of Technology

From tlyu at MIT.EDU Fri Sep 10 18:46:17 2004
From: tlyu at MIT.EDU (Tom Yu)
Date: Fri Sep 10 17:47:35 2004
Subject: krb5-1.3.5 is released

The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.3.5. Please see below for a list of some major changes since krb5-1.3.4, or consult the README file in the source tree for a more detailed list of significant changes.

RETRIEVING KERBEROS 5 RELEASE 1.3.5
===================================

You may retrieve the Kerberos 5 Release 1.3.5 source from the following URL:

    http://web.mit.edu/kerberos/dist/

The homepage for the krb5-1.3.5 release is:

    http://web.mit.edu/kerberos/krb5-1.3/

Further information about Kerberos 5 may be found at the following URL:

    http://web.mit.edu/kerberos/

MAJOR CHANGES SINCE RELEASE 1.3.4
=================================

* [2682] Fix ftpd hang caused by empty PASS command.

* [2686] Fix double-free errors. [MITKRB5-SA-2004-002]

* [2687] Fix denial-of-service vulnerability in ASN.1 decoder. [MITKRB5-SA-2004-003]

From tlyu at MIT.EDU Fri Sep 17 16:38:22 2004
From: tlyu at MIT.EDU (Tom Yu)
Date: Fri Sep 17 15:39:20 2004
Subject: MIT Kerberos for Windows 2.6.5 is released

The MIT Kerberos Team announces the availability of MIT Kerberos for Windows 2.6.5. The distribution packages and Release Notes are available from the download link on the MIT Kerberos distribution page,

    http://web.mit.edu/kerberos/dist/

The main MIT Kerberos web page is

    http://web.mit.edu/kerberos/

Summary of changes since KfW 2.6.4:

* Correct incompatibility between Kerberos 5 MSLSA krb5_ccache and Windows 2000 (introduced in 2.6.4)

* Kerberos 5 library updated to release 1.3.5.

* Add a new MSI based installation option for organizations which need to distribute KFW via group policy.