From tlyu at MIT.EDU Thu Jan 27 18:44:09 2005 From: tlyu at MIT.EDU (Tom Yu) Date: Thu Jan 27 18:46:41 2005 Subject: krb5-1.4 is released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.4. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes. RETRIEVING KERBEROS 5 RELEASE 1.4 ================================= You may retrieve the Kerberos 5 Release 1.4 source from the following URL: http://web.mit.edu/kerberos/dist/ The homepage for the krb5-1.4 release is: http://web.mit.edu/kerberos/krb5-1.4/ Further information about Kerberos 5 may be found at the following URL: http://web.mit.edu/kerberos/ IMPORTANT NOTICE REGARDING KERBEROS 4 SUPPORT ============================================= In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] its intention to withdraw the specification of DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the KDC support for version 4 of the Kerberos protocol is disabled by default. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled by default in the KDC), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos, possibly as early as the 1.5 release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos@mit.edu mailing list. References [1] National Institute of Standards and Technology. Announcing Proposed Withdrawal of Federal Information Processing Standard (FIPS) for the Data Encryption Standard (DES) and Request for Comments. Federal Register 04-16894, 69 FR 44509-44510, 26 July 2004. DOCID:fr26jy04-31. [2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf ====================================================================== MAJOR CHANGES ============= * Fix heap buffer overflow in password history mechanism. [MITKRB5-SA-2004-004] * Add implementation of the RPCSEC_GSS authentication flavor to the RPC library. Thanks to Kevin Coffman and the CITI group at the University of Michigan. * Thread safety for krb5 libraries. * Merged Athena telnetd changes for creating a new option for requiring encryption. * The kadmind4 backwards-compatibility admin server and the v5passwdd backwards-compatibility password-changing server have been removed. * Yarrow code now uses AES. * New client commands kcpytkt and kdeltkt for Windows. * New command mit2ms on Windows. * Merged Athena changes to allow ftpd to require encrypted passwords. * Incorporate gss_krb5_set_allowable_enctypes() and gss_krb5_export_lucid_sec_context(), which are needed for NFSv4, from Kevin Coffman. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (SunOS) iQCVAwUBQfl8zKbDgE/zdoE9AQH9PwP9Gcl80wn3krh/U4kwDHIjYd4x7ef+inCa BpD7a3/QwraSc9OTpEMkwqlcYaMNQ0+ISpOOtFdywKhXzen5qeXsZqehMsMbXXGV Iu7YmbNtJ88U2zLJM3NOyDqwEj5pVNsjPIFxQC7IqsieaKVMBI6c/Au0f4E2MR4M t0MvH53Kpns= =aYzP -----END PGP SIGNATURE----- From tlyu at MIT.EDU Mon Mar 28 18:15:56 2005 From: tlyu at MIT.EDU (Tom Yu) Date: Mon Mar 28 18:16:31 2005 Subject: MITKRB5-SA-2005-001: buffer overflows in telnet client Message-ID: -----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2005-001 Original release: 2005-03-28 Topic: Buffer overflows in telnet client Severity: serious SUMMARY ======= The telnet client program supplied with MIT Kerberos 5 has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. IMPACT ====== An attacker controlling or impersonating a telnet server may execute arbitrary code with the privileges of the user running the telnet client. The attacker would need to convince the user to connect to a malicious server, perhaps by automatically launching the client from a web page. Additional user interaction may not be required if the attacker can get the user to view HTML containing an IFRAME tag containing a "telnet:" URL pointing to a malicious server. AFFECTED SOFTWARE ================= * telnet client programs included with the MIT Kerberos 5 implementation, up to and including release krb5-1.4. * Other telnet client programs derived from the BSD telnet implementation may be vulnerable. FIXES ===== * WORKAROUND: Disable handling of "telnet:" URLs in web browsers, email readers, etc., or remove execute permissions from the telnet client program. * The upcoming krb5-1.4.1 patch release will contain fixes for this problem. * Apply the patch found at: http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt The associated detached PGP signature is at: http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt.asc The patch was generated against the krb5-1.4 release. It may apply against earlier releases with some offset. REFERENCES ========== This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html [IDEF0866] Multiple Telnet Client slc_add_reply() Buffer Overflow http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities CVE: CAN-2005-0469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469 [IDEF0867] Multiple Telnet Client env_opt_add() Buffer Overflow http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities CVE: CAN-2005-0468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468 ACKNOWLEDGMENTS =============== Thanks to iDEFENSE for notifying us of these vulnerabilities, and for providing useful feedback. DETAILS ======= The slc_add_reply() function in telnet.c performs inadequate length checking. By sending a carefully crafted telnet LINEMODE suboption string, a malicious telnet server may cause a telnet client to overflow a fixed-size data segment or BSS buffer and execute arbitrary code. The env_opt_add() function in telnet.c performs inadequate length checking. By sending a carefully crafted telnet NEW-ENVIRON suboption string, a malicious telnet server may cause a telnet client to overflow a heap buffer and execute arbitrary code. REVISION HISTORY ================ 2005-03-28 original release Copyright (C) 2005 Massachusetts Institute of Technology -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (SunOS) iQCVAwUBQkiLWqbDgE/zdoE9AQFSsgQAua79YPzliPsWCnWTBWNkk9DZnME4RYNu lmBkFlM2u/zaEAKQaml8QJ8k3TQ5WB0GztqSOEIWuG5ZahyOZQefrGCCHuD2JKFZ g4q6PNM7dvbUCBB9HcR+GHlgr+01ofMjVuhhZ8Rj0icqCs5MojP5+0VSqr94w1zv MS06L8DXn00= =LT9x -----END PGP SIGNATURE-----