From tlyu at MIT.EDU Tue Apr 3 14:10:29 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Tue, 03 Apr 2007 14:10:29 -0400 Subject: MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956] Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-001 Original release: 2007-04-03 Last update: 2007-04-03 Topic: telnetd allows login as arbitrary user Severity: CRITICAL CVE: CVE-2007-0956 CERT: VU#220816 SUMMARY ======= The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary user, when presented with a specially crafted username. Exploitation of this vulnerability is trivial. This is a vulnerability in an application program; it is not a bug in the MIT krb5 libraries or in the Kerberos protocol. IMPACT ====== A user can gain unauthorized access to any account (including root) on a host running telnetd. Whether the attacker needs to authenticate depends on the configuration of telnetd on that host. AFFECTED SOFTWARE ================= * telnetd in all releases of MIT krb5, up to and including krb5-1.6 FIXES ===== * The upcoming krb5-1.6.1 release will contain a fix for this vulnerability. Prior to that release you may: * disable telnetd or * apply the patch This patch is also available at http://web.mit.edu/kerberos/advisories/2007-001-patch.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2007-001-patch.txt.asc *** src/appl/telnet/telnetd/state.c (revision 19480) - --- src/appl/telnet/telnetd/state.c (local) *************** *** 1665,1671 **** strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ strcmp(varp, "NLSPATH") && /* locale stuff */ strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ ! strcmp(varp, "IFS")) { return 1; } else { syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); - --- 1665,1672 ---- strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ strcmp(varp, "NLSPATH") && /* locale stuff */ strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ ! strcmp(varp, "IFS") && ! !strchr(varp, '-')) { return 1; } else { syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); *** src/appl/telnet/telnetd/sys_term.c (revision 19480) - --- src/appl/telnet/telnetd/sys_term.c (local) *************** *** 1287,1292 **** - --- 1287,1302 ---- #endif #if defined (AUTHENTICATION) if (auth_level >= 0 && autologin == AUTH_VALID) { + if (name[0] == '-') { + /* Authenticated and authorized to log in to an + account starting with '-'? Even if that + unlikely case comes to pass, the current login + program will not parse the resulting command + line properly. */ + syslog(LOG_ERR, "user name cannot start with '-'"); + fatal(net, "user name cannot start with '-'"); + exit(1); + } # if !defined(NO_LOGIN_F) #if defined(LOGIN_CAP_F) argv = addarg(argv, "-F"); *************** *** 1377,1387 **** } else #endif if (getenv("USER")) { ! argv = addarg(argv, getenv("USER")); #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) { register char **cpp; for (cpp = environ; *cpp; cpp++) argv = addarg(argv, *cpp); } #endif - --- 1387,1405 ---- } else #endif if (getenv("USER")) { ! char *user = getenv("USER"); ! if (user[0] == '-') { ! /* "telnet -l-x ..." */ ! syslog(LOG_ERR, "user name cannot start with '-'"); ! fatal(net, "user name cannot start with '-'"); ! exit(1); ! } ! argv = addarg(argv, user); #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) { register char **cpp; for (cpp = environ; *cpp; cpp++) + if ((*cpp)[0] != '-') argv = addarg(argv, *cpp); } #endif REFERENCES ========== This announcement is posted at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVE: CVE-2007-0956 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956 CERT: VU#220816 http://www.kb.cert.org/vuls/id/220816 ACKNOWLEDGMENTS =============== This vulnerability was found when attempting to confirm the absence of a related vulnerability in the Solaris telnetd. [CVE-2007-0882] DETAILS ======= The MIT krb5 telnet daemon fails to adequately check the provided username. A malformed username beginning with "-e" can be interpreted as a command-line flag by the login.krb5 program, which is executed by telnetd. This causes login.krb5 to execute part of the BSD rlogin protocol, where an arbitrary username may be injected, allowing login as that user without a password or any further authentication. If the telnet daemon is configured to only permit authenticated login, then only authenticated users can exploit this vulnerability. REVISION HISTORY ================ 2007-04-03 original release Copyright (C) 2007 Massachusetts Institute of Technology -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRhKVRabDgE/zdoE9AQIzPAQAj8a7ShfHXVVMOPQhEyoN/Ydnalnfa2xE cl7UXFSjmkexalD+rymL0upLFw7EVgnYrVazc+AUhDLt1AZmCl5Lj2+WAcl1QYPu fEGm2SFaS4Eda6NRb6xZ4BeY8zfRWFN2G8Bb5krpGj+oEX/c3Xg8O4oUyiJBYBQi TXhryamn6Yw= =aE5C -----END PGP SIGNATURE----- From tlyu at MIT.EDU Tue Apr 3 14:10:35 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Tue, 03 Apr 2007 14:10:35 -0400 Subject: MITKRB5-SA-2007-002: KDC, kadmind stack overflow in krb5_klog_syslog [CVE-2007-0957] Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-002 Original release: 2007-04-03 Last update: 2007-04-03 Topic: KDC, kadmind stack overflow in krb5_klog_syslog Severity: CRITICAL CVE: CVE-2007-0957 CERT: VU#704024 SUMMARY ======= The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind) as well as the KDC, are vulnerable. Exploitation of this vulnerability is probably simple. This is a vulnerability in the the kadm5 library, which is used by the KDC and kadmind, and possibly by some third-party applications. It is not a bug in the MIT krb5 protocol libraries or in the Kerberos protocol. IMPACT ====== An authenticated user may be able to cause a host running kadmind to execute arbitrary code. An authenticated user may be able to cause a KDC host to execute arbitrary code. Also, a user controlling a Kerberos realm sharing a key with the target realm may be able to cause a KDC host to execute arbitrary code. Successful exploitation can compromise the Kerberos key database and host security on the host running these programs. (kadmind and the KDC typically run as root.) Unsuccessful exploitation attempts will likely result in the affected program crashing. Third-party applications which call krb5_klog_syslog() may also be vulnerable. AFFECTED SOFTWARE ================= * MIT krb5 releases through krb5-1.6 FIXES ===== * The upcoming krb5-1.6.1 release will contain a fix for this vulnerability. Prior to that release you may: * apply the patch The patch is available at http://web.mit.edu/kerberos/advisories/2007-002-patch.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2007-002-patch.txt.asc Systems which definitely provide vsnprintf() may not need the entire patch; see "DETAILS". Please note that releases prior to krb5-1.5 will require additional changes to the configure script src/lib/kadm5/configure in order to correctly detect the presence of vsnprintf(). krb5-1.5 and later releases already check for vsnprintf() in the top-level configure script, and do not have a separate src/lib/kadm5/configure script. REFERENCES ========== This announcement is posted at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVE: CVE-2007-0957 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957 CERT: VU#704024 http://www.kb.cert.org/vuls/id/704024 ACKNOWLEDGMENTS =============== We thank iDefense Labs for notifying us of this vulnerability. iDefense credits an anonymous discoverer. DETAILS ======= krb5_klog_syslog() uses vsprintf() to format text into a fixed-length stack buffer. Format specifiers such as "%s" used in calls to krb5_klog_syslog() may allow formatting of strings of sufficient length to overwrite memory past the end of the stack buffer. Certain strings received from the client by the kadmin daemon are not truncated prior to logging. Among these strings is the target principal for the kadmin operation. The KDC truncates most client-originated strings prior to logging. One sort of string which is not truncated is a transited-realms string. A malicious KDC sharing a key with the target realm may issue tickets with specially-crafted transited-realms strings to exploit this vulnerability. There are other places where an authenticated user may cause the KDC to log a string which triggers the vulnerability. On a system where vsnprintf() is confirmed to be available, the patches to files other than src/lib/kadm5/logger.c may not be necessary to prevent a buffer overflow; these patches are still useful to prevent malicious users from causing vsnprintf() to obliterate useful log information by means of truncation. REVISION HISTORY ================ 2007-04-03 original release Copyright (C) 2007 Massachusetts Institute of Technology -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRhKVS6bDgE/zdoE9AQJlZgQAq/IvVdpkf3VNViwuZaAJ31+mqq17gKqX 9DkxkvpPD2b5/8N/ouywP/ODCpYpT9Y+mU+Cw/hEfL2otv/o1HJcV7CXPRCEFODs YKpi2Sahcxs+jl1ZQfsY63oay6urZ0PTcrZTFQuqOv8B0wVd0XUwrSkBLejZszL3 YUFR4W+wtbg= =GsBC -----END PGP SIGNATURE----- From tlyu at MIT.EDU Tue Apr 3 14:10:39 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Tue, 03 Apr 2007 14:10:39 -0400 Subject: MITKRB5-SA-2007-003: double-free vulnerability in kadmind (via GSS-API library) [CVE-2007-1216] Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-003 Original release: 2007-04-03 Last update: 2007-04-03 Topic: double-free vulnerability in kadmind (via GSS-API library) Severity: CRITICAL CVE: CVE-2007-1216 CERT: VU#419344 SUMMARY ======= The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library. Under some error conditions, the krb5 GSS-API mechanism can free a buffer which an application may then free again. This may result in arbitrary code execution. Third-party applications using the GSS-API library provided with MIT krb5 may also be vulnerable. Exploitation of double-free bugs is believed to be difficult. This is a bug in the GSS-API library included with MIT krb5, which is used by kadmind and by some third-party applications. It is not a bug in the Kerberos protocol. IMPACT ====== An authenticated user may be able to cause a host running kadmind to execute arbitrary code. Successful exploitation can compromise the Kerberos key database and host security on the host running these programs. (kadmind and the KDC typically run as root.) Unsuccessful exploitation attempts will likely result in the affected program crashing. Third-party applications calling either the RPC library or the GSS-API library provided with MIT krb5 may be vulnerable. AFFECTED SOFTWARE ================= * kadmind from MIT releases krb5-1.4 through krb5-1.6 * third-party applications calling the RPC library included in MIT releases krb5-1.4 through krb5-1.6 * kadmind and third-party applications calling the RPC library in MIT releases earlier than krb5-1.4 may not be vulnerable because the RPCSEC_GSS authentication flavor was not implemented in those RPC libraries. * third-party applications calling the GSS-API library included in any MIT krb5 releases, up to and including krb5-1.6, if the application handles GSS-API errors in a certain way FIXES ===== * The upcoming krb5-1.6.1 release will contain a fix for this vulnerability. Prior to that release you may: * apply the patch Note that releases prior to krb5-1.3 will require a different patch due to an additional related vulnerability in the same file. This patch is also available at http://web.mit.edu/kerberos/advisories/2007-003-patch.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2007-003-patch.txt.asc *** src/lib/gssapi/krb5/k5unseal.c (revision 19510) - --- src/lib/gssapi/krb5/k5unseal.c (revision 19511) *************** *** 457,464 **** if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { ! if (toktype == KG_TOK_SEAL_MSG) xfree(token.value); *minor_status = G_BAD_DIRECTION; return(GSS_S_BAD_SIG); } - --- 457,467 ---- if ((ctx->initiate && direction != 0xff) || (!ctx->initiate && direction != 0)) { ! if (toktype == KG_TOK_SEAL_MSG) { xfree(token.value); + message_buffer->value = NULL; + message_buffer->length = 0; + } *minor_status = G_BAD_DIRECTION; return(GSS_S_BAD_SIG); } REFERENCES ========== This announcement is posted at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVE: CVE-2007-1216 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216 CERT: VU#419344 http://www.kb.cert.org/vuls/id/419344 ACKNOWLEDGMENTS =============== This bug was found while exercising the GSS-API library using the GSSTEST test program provided by SAP AG. Shiva Persaud of IBM alerted us to an ambiguity in the wording of a draft of this advisory. DETAILS ======= The kg_unseal_v1() function in src/lib/gssapi/krb5/k5unseal.c frees memory allocated for the "message_buffer" gss_buffer_t when it detects an invalid direction encoding on the message. It does not set the pointer to NULL, nor does it set the length to zero. An application subsequently calling gss_release_buffer() on this gss_buffer_t will cause memory to be freed twice. Much code provided with MIT krb5 does not attempt to call gss_release_buffer() when gss_unseal() or gss_unwrap() fails, even though the GSS-API C-bindings specification permits it to do so. The RPCSEC_GSS authentication flavor for the RPC library, introduced in krb5-1.4, does call gss_release_buffer() when gss_unwrap() fails. This allows an authenticated attacker to trigger a double-free situation. Third-party applications calling the RPC library provided with MIT krb5 and using the RPCSEC_GSS authentication flavor are vulnerable. Third-party applications calling the MIT GSS-API library are vulnerable if they call gss_release_buffer() when they experience errors from gss_unseal() or gss_unwrap(). REVISION HISTORY ================ 2007-04-03 original release Copyright (C) 2007 Massachusetts Institute of Technology -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRhKVU6bDgE/zdoE9AQJS0gP/fieb8glCvyZHOiJkVRGGbtzzSPC2RcHN IkuF+aJo+KaKSFE+aKjce6Yx8jbOeqXx6CJe6UivGwXr1yyp31dh4B92N+3kMJlk bsNlmNJOg2iOAo+YTINokfIwsYZSWcAv1UVjhTYlev0sn9IdI/a1NNhNpIvkSDg0 NdPwbLy4wi8= =MwHB -----END PGP SIGNATURE----- From tlyu at MIT.EDU Tue Apr 3 19:22:49 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Tue, 03 Apr 2007 19:22:49 -0400 Subject: kfw-3.2-beta1 is available Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the first beta release of MIT's Kerberos for Windows product, Version 3.2. Please send bug reports and feedback to kfw-bugs at mit.edu. What's New: =========== * Network Identity Manager Application o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers. o A simplified default application view that shows only the status of the active identities. o A new command-line option to netidmgr.exe is available to shutdown a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate. o The use of ellipsis on menu items now follows the Windows Style Guide. Ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used. o Improved handling of window focus when opening and closing modal dialogs. o Reduce the number of alerts presented to the user by combining duplicates into a single alert. o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired. o Renew and Destroy menus provide "All" and "Individual identity names" as choices. o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity. o The "default" action of left clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page. o The alerter window can now display multiple alerts simultaneously. o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it. o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display that is configurable by the user to show details about each credential. o New Color Scheme derived from current Windows Desktop Color Scheme. o Improved display updating algorithms reduce flicker o The proper icon sizes are now used in the information bubble and the status bar. o Plug-in Help can now be added to the Help menu * Network Identity Manager Kerberos v5 Support o Do not show cached prompts to user if they have expired o Correct the possibility that a krb5_ccache handle might be freed twice. o Import settings from Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings. o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere. o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database. o Do not attempt to renew non-renewable identities o Permit an identity to be configured as the default identity even if it doesn't have any credentials. * Kerberos v5 Library Improvements o Based on MIT release 1.6+ o On Vista MSLSA: krb5_ccache can be used to store tickets including TGTs for alternative principals to the LSA credential cache o On Vista a more efficient interface for enumerating the contents of the LSA credential cache is available. o Vista support is only built if the Vista SDK version of NTSecAPI.H is used. o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys. o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache. * Winsock Helper Library Improvements o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response preventing a successful return. This resulted in "kinit -4" failing to find the KDCs. * Integrated Logon Improvements o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista. o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon. The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up. o Obtained credentials are stored into an API credential cache whose name is API: o Add a debugging mode which when activated logs to the Windows Application Event Log. [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider] DWORD "Debug" * Leash32 Library Changes o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library. o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present. o Remove all AFS functionality. Supported Versions of Microsoft Windows ======================================= This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher. Microsoft Vista User Account Control (UAC) ========================================== Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys. Users are encouraged to login to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager. Downloads ========= Binaries and source code can be downloaded from the MIT Kerberos web site: http://web.mit.edu/kerberos/dist/index.html Acknowledgments =============== Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management. Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM please see http://www.secure-endpoints.com/netidmgr/roadmap.html Important notice regarding Kerberos 4 support ============================================= In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos at mit.edu mailing list. References [1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45 [2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRhLhzKbDgE/zdoE9AQIt/QP9E75/AL1iKUctB6qGaWyacQDdK+pNINEH 9OXxThI2q9k7dunx2XvmKgCnqeRdYSqr8ioQi7bWEABogqaSi+GXuyo3JKinnnAK W6482mk2hoAa5rK2TM2b5ArRkjx5csDp8Y08ImvcM6mQU+GeVLVy6ZFAyJs4isMV XlU9BVqZ5uQ= =aonP -----END PGP SIGNATURE----- From tlyu at MIT.EDU Wed Apr 11 16:58:02 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Wed, 11 Apr 2007 16:58:02 -0400 Subject: kfw-3.2-beta1 is available - corrected MSI Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a reposting because the MSI originally posted for kfw-3.2-beta1 was inadvertently copied from an older version. We have uploaded the correct kfw-3_2_0-beta1.msi file. One way to distinguish the files is by their size; the correct MSI file has a size of 8391k. The incorrect file had a size of 8400k. ======================================== The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the first beta release of MIT's Kerberos for Windows product, Version 3.2. Please send bug reports and feedback to kfw-bugs at mit.edu. What's New: =========== * Network Identity Manager Application o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers. o A simplified default application view that shows only the status of the active identities. o A new command-line option to netidmgr.exe is available to shutdown a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate. o The use of ellipsis on menu items now follows the Windows Style Guide. Ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used. o Improved handling of window focus when opening and closing modal dialogs. o Reduce the number of alerts presented to the user by combining duplicates into a single alert. o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired. o Renew and Destroy menus provide "All" and "Individual identity names" as choices. o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity. o The "default" action of left clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page. o The alerter window can now display multiple alerts simultaneously. o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it. o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display that is configurable by the user to show details about each credential. o New Color Scheme derived from current Windows Desktop Color Scheme. o Improved display updating algorithms reduce flicker o The proper icon sizes are now used in the information bubble and the status bar. o Plug-in Help can now be added to the Help menu * Network Identity Manager Kerberos v5 Support o Do not show cached prompts to user if they have expired o Correct the possibility that a krb5_ccache handle might be freed twice. o Import settings from Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings. o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere. o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database. o Do not attempt to renew non-renewable identities o Permit an identity to be configured as the default identity even if it doesn't have any credentials. * Kerberos v5 Library Improvements o Based on MIT release 1.6+ o On Vista MSLSA: krb5_ccache can be used to store tickets including TGTs for alternative principals to the LSA credential cache o On Vista a more efficient interface for enumerating the contents of the LSA credential cache is available. o Vista support is only built if the Vista SDK version of NTSecAPI.H is used. o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys. o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache. * Winsock Helper Library Improvements o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response preventing a successful return. This resulted in "kinit -4" failing to find the KDCs. * Integrated Logon Improvements o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista. o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon. The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up. o Obtained credentials are stored into an API credential cache whose name is API: o Add a debugging mode which when activated logs to the Windows Application Event Log. [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider] DWORD "Debug" * Leash32 Library Changes o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library. o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present. o Remove all AFS functionality. Supported Versions of Microsoft Windows ======================================= This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher. Microsoft Vista User Account Control (UAC) ========================================== Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys. Users are encouraged to login to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager. Downloads ========= Binaries and source code can be downloaded from the MIT Kerberos web site: http://web.mit.edu/kerberos/dist/index.html Acknowledgments =============== Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management. Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM please see http://www.secure-endpoints.com/netidmgr/roadmap.html Important notice regarding Kerberos 4 support ============================================= In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos at mit.edu mailing list. References [1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45 [2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRh1L3abDgE/zdoE9AQI2FAP/QbBEqlUkliDO5UvKzxDJCeti6lWLqKYe 55HiUijs8UD2egkI42MqwN/YISgwDbrw1QVPg8PdqnNEHNrAHs9dir8Fbhg6nLAj TQTjQFIKUxQu43u8E0xkbWYukG5hlzSOZORPVXWOjZeurZC1mibxNaRWiu5hfZdS reg8ECwVHzs= =jGyx -----END PGP SIGNATURE----- From kpkoch at MIT.EDU Tue Apr 17 10:03:50 2007 From: kpkoch at MIT.EDU (Kevin Koch) Date: Tue, 17 Apr 2007 10:03:50 -0400 Subject: Announcing the kfwdev mailing list Message-ID: I have created a mailing list for discussion of Kerberos for Windows (KfW) issues. Anyone discussing Network Identity Manager (NIM) or KfW, or planning on contributing code to them, should subscribe. kfwdev is expected to be a subset of krbdev. Kevin Koch Lead Software Engineer, Kerberos for Windows Information Services & Technology Massachusetts Institute of Technology 77 Massachusetts Avenue W92-140 Cambridge, MA 02139 Office: 617-324-8949 kpkoch at mit.edu From tlyu at MIT.EDU Thu Apr 19 19:06:22 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Thu, 19 Apr 2007 19:06:22 -0400 Subject: krb5-1.5.3 is released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.5.3. This is primarily a security update release. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes. RETRIEVING KERBEROS 5 RELEASE 1.5.3 =================================== You may retrieve the Kerberos 5 Release 1.5.3 source from the following URL: http://web.mit.edu/kerberos/dist/ The homepage for the krb5-1.5.3 release is: http://web.mit.edu/kerberos/krb5-1.5/ Further information about Kerberos 5 may be found at the following URL: http://web.mit.edu/kerberos/ MAJOR CHANGES ============= * Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956, VU#220816] * Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog [CVE-2007-0957, VU#704024] * Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC library could perform a double-free due to a GSS-API library bug [CVE-2007-1216, VU#419344] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRif19KbDgE/zdoE9AQKF2AQAvO8ruRbi3hzPrHJoqOoJ3q8UDQV8BADw hJZr57fFSELmEhDldK6vW7NF/pvRRh/VOgysb+fMI5m/s6usmtCxRCWRDAuLatkY bEC8B+W4eJqtaKRU2WmqjchJ/+/hIB0Kiok2axv+0wagrfAXfmGNvuvFyCyKcxKu PBNXUGnmG94= =QI9d -----END PGP SIGNATURE----- From tlyu at MIT.EDU Fri Apr 20 20:16:57 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Fri, 20 Apr 2007 20:16:57 -0400 Subject: krb5-1.6.1 is released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The MIT Kerberos Team announces the availability of MIT Kerberos 5 Release 1.6.1. Please see below for a list of some major changes included, or consult the README file in the source tree for a more detailed list of significant changes. RETRIEVING KERBEROS 5 RELEASE 1.6.1 =================================== You may retrieve the Kerberos 5 Release 1.6.1 source from the following URL: http://web.mit.edu/kerberos/dist/ The homepage for the krb5-1.6.1 release is: http://web.mit.edu/kerberos/krb5-1.6/ Further information about Kerberos 5 may be found at the following URL: http://web.mit.edu/kerberos/ MAJOR CHANGES ============= * Fix MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956, VU#220816] * Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog [CVE-2007-0957, VU#704024] * Fix MITKRB5-SA-2007-003: double-free in kadmind - the RPC library could perform a double-free due to a GSS-API library bug [CVE-2007-1216, VU#419344] * fix crash creating db2 database in non-existent directory -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRilX/abDgE/zdoE9AQKnlAQApp011mLdZDL4xxckyi3gDhFnb4Yjj0b8 xXowsizM7Qd3P0xih2orzl5efVBlmNLr//Ol977Xmpk0PXuEGv/XtPe7vy8+gNFk LoVFTgGCBkwn4eHuLxZ3+j0ZtoS4ydKVESu/dv2s8sAUhl/vBptL7eLB5pXjEtPJ MWPqZb1Pldc= =OQEt -----END PGP SIGNATURE----- From tlyu at MIT.EDU Tue Apr 24 17:12:22 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Tue, 24 Apr 2007 17:12:22 -0400 Subject: kfw-3.2-beta2 is available Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the second beta release of MIT's Kerberos for Windows product, Version 3.2. Please send bug reports and feedback to kfw-bugs at mit.edu. What's New in KFW 3.2: ====================== * Network Identity Manager Application o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers. o A simplified default application view that shows only the status of the active identities. o A new command-line option to netidmgr.exe is available to shutdown a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate. o The use of ellipsis on menu items now follows the Windows Style Guide. Ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used. o Improved handling of window focus when opening and closing modal dialogs. o Reduce the number of alerts presented to the user by combining duplicates into a single alert. o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired. o Renew and Destroy menus provide "All" and "Individual identity names" as choices. o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity. o The "default" action of left clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page. o The alerter window can now display multiple alerts simultaneously. o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it. o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display that is configurable by the user to show details about each credential. o New Color Scheme derived from current Windows Desktop Color Scheme. o Improved display updating algorithms reduce flicker o The proper icon sizes are now used in the information bubble and the status bar. o Task Bar buttons are created for visible windows and dialogs o Plug-in Help can now be added to the Help menu o Improved HtmlHelp user documentation with Indexing o Improved HtmlHelp developer documentation with Indexing o Improved PDF user documentation * Network Identity Manager Kerberos v5 Support o Do not show cached prompts to user if they have expired o Correct the possibility that a krb5_ccache handle might be freed twice. o Import settings from Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings. o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere. o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database. o Do not attempt to renew non-renewable identities o Permit an identity to be configured as the default identity even if it doesn't have any credentials. * Kerberos v5 Library Improvements o Based on MIT release 1.6+ o On Vista MSLSA: krb5_ccache can be used to store tickets including TGTs for alternative principals to the LSA credential cache o On Vista a more efficient interface for enumerating the contents of the LSA credential cache is available. o Vista support is only built if the Vista SDK version of NTSecAPI.H is used. o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys. o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache. * Winsock Helper Library Improvements o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response preventing a successful return. This resulted in "kinit -4" failing to find the KDCs. * Integrated Logon Improvements o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista. o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon. The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up. o Obtained credentials are stored into an API credential cache whose name is API: o Add a debugging mode which when activated logs to the Windows Application Event Log. [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider] DWORD "Debug" * Leash32 Library Changes o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library. o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present. o Remove all AFS functionality. Changes since Beta 1 ==================== (1) Updated HtmlHelp user documentation with basic indexing (2) Updated PDF user documentation (3) Fix the Kerberos v4 configuration panel in the Obtain New Credentials dialog so that it works even if the global use Kerberos v4 flag says not to. (4) Initialize the default identity from existing credentials if there has never been a default identity specified before (5) Renew identities that are imported from MSLSA by importing if and only if the user did not manually obtain credentials for the same identity later on. (6) When renewing an identity that was imported from the MSLSA, if the credentials are expired (or otherwise not useful) initialize the MSLSA ccache and try again. (7) Improvements in hot spot handling (8) Improvements in Advanced view column sort order handling (9) Add a Taskbar button to the main window and the obtain new credentials and change password dialogs (10) Add a vertical scrollbar to the realm list in the Obtain New Credentials and Change Password dialogs (11) File Version information was missing from a number of the Kerberos utility commands. (12) The NIM About dialog could not be closed via Alt-F4 (13) The Integrated Logon Event Log name was changed to "MIT Kerberos". Logging of failure to find the "Debug" registry value was removed. Use case-insensitive tests for the Windows Station to ensure that the "interactive" state can be properly determined on Vista. Clean up orphaned cache files (older than five minutes.) Properly find the kfwcpcc.exe executable. (14) Significantly improved Network Identity Manager Developer documentation. Supported Versions of Microsoft Windows ======================================= This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher. Microsoft Vista User Account Control (UAC) ========================================== Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys. Users are encouraged to login to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager. Downloads ========= Binaries and source code can be downloaded from the MIT Kerberos web site: http://web.mit.edu/kerberos/dist/index.html Acknowledgments =============== Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management. Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM please see http://www.secure-endpoints.com/netidmgr/roadmap.html A special thanks to Kevin Koch, the newest member of the MIT Kerberos team, for his work on the automated build scripts used to produce this release. Important notice regarding Kerberos 4 support ============================================= In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos at mit.edu mailing list. References [1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45 [2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRi5yuqbDgE/zdoE9AQKRpgQAgvgqHTU6U2rwB9HkT8hojsoHRZNzbZNz WKNCzlkVhS78gJbbGkyOOoKi9HklApfA1GH4PJrbsWyBVI3Zzs4A5sbBgh3F0sKy clE2FEKTaMmv4SnOuZv0cY0hTrbfdmtUa1K6t+vUFC5zlyEpZVWmOgPU+mmKG5SI BYhL9oEMSKs= =AGpI -----END PGP SIGNATURE----- From tlyu at MIT.EDU Thu Apr 26 16:30:42 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Thu, 26 Apr 2007 16:30:42 -0400 Subject: kfw-3.2-beta3 is available Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the third beta release of MIT's Kerberos for Windows product, Version 3.2. Please send bug reports and feedback to kfw-bugs at mit.edu. What's New in KFW 3.2: ====================== * Network Identity Manager Application o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers. o A simplified default application view that shows only the status of the active identities. o A new command-line option to netidmgr.exe is available to shutdown a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate. o The use of ellipsis on menu items now follows the Windows Style Guide. Ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used. o Improved handling of window focus when opening and closing modal dialogs. o Reduce the number of alerts presented to the user by combining duplicates into a single alert. o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired. o Renew and Destroy menus provide "All" and "Individual identity names" as choices. o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity. o The "default" action of left clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page. o The alerter window can now display multiple alerts simultaneously. o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it. o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display that is configurable by the user to show details about each credential. o New Color Scheme derived from current Windows Desktop Color Scheme. o Improved display updating algorithms reduce flicker o The proper icon sizes are now used in the information bubble and the status bar. o Task Bar buttons are created for visible windows and dialogs o Plug-in Help can now be added to the Help menu o Improved HtmlHelp user documentation with Indexing o Improved HtmlHelp developer documentation with Indexing o Improved PDF user documentation * Network Identity Manager Kerberos v5 Support o Do not show cached prompts to user if they have expired o Correct the possibility that a krb5_ccache handle might be freed twice. o Import settings from Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings. o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere. o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database. o Do not attempt to renew non-renewable identities o Permit an identity to be configured as the default identity even if it doesn't have any credentials. * Kerberos v5 Library Improvements o Based on MIT release 1.6+ o On Vista MSLSA: krb5_ccache can be used to store tickets including TGTs for alternative principals to the LSA credential cache o On Vista a more efficient interface for enumerating the contents of the LSA credential cache is available. o Vista support is only built if the Vista SDK version of NTSecAPI.H is used. o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys. o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache. * Winsock Helper Library Improvements o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response preventing a successful return. This resulted in "kinit -4" failing to find the KDCs. * Integrated Logon Improvements o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista. o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon. The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up. o Obtained credentials are stored into an API credential cache whose name is API: o Add a debugging mode which when activated logs to the Windows Application Event Log. [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider] DWORD "Debug" * Leash32 Library Changes o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library. o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present. o Remove all AFS functionality. Changes since Beta 2 ==================== (1) A race condition in krb5_get_creds_from_kdc_opt() resulting in a memory access error was fixed that could be triggered if two service tickets are being obtained simultaneously via a cross-realm path of three or more realms and if the KDC rejects requests with the canonicalize flag (MIT Kerberos v5 releases older than 1.3.2) (2) The profile library when storing a profile from memory to a file failed to double quote the null string value on the right hand side of an entry. This would result in a profile file that could not be parsed. Changes since Beta 1 ==================== (1) Updated HtmlHelp user documentation with basic indexing (2) Updated PDF user documentation (3) Fix the Kerberos v4 configuration panel in the Obtain New Credentials dialog so that it works even if the global use Kerberos v4 flag says not to. (4) Initialize the default identity from existing credentials if there has never been a default identity specified before (5) Renew identities that are imported from MSLSA by importing if and only if the user did not manually obtain credentials for the same identity later on. (6) When renewing an identity that was imported from the MSLSA, if the credentials are expired (or otherwise not useful) initialize the MSLSA ccache and try again. (7) Improvements in hot spot handling (8) Improvements in Advanced view column sort order handling (9) Add a Taskbar button to the main window and the obtain new credentials and change password dialogs (10) Add a vertical scrollbar to the realm list in the Obtain New Credentials and Change Password dialogs (11) File Version information was missing from a number of the Kerberos utility commands. (12) The NIM About dialog could not be closed via Alt-F4 (13) The Integrated Logon Event Log name was changed to "MIT Kerberos". Logging of failure to find the "Debug" registry value was removed. Use case-insensitive tests for the Windows Station to ensure that the "interactive" state can be properly determined on Vista. Clean up orphaned cache files (older than five minutes.) Properly find the kfwcpcc.exe executable. (14) Significantly improved Network Identity Manager Developer documentation. Supported Versions of Microsoft Windows ======================================= This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher. Microsoft Vista User Account Control (UAC) ========================================== Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys. Users are encouraged to login to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager. Downloads ========= Binaries and source code can be downloaded from the MIT Kerberos web site: http://web.mit.edu/kerberos/dist/index.html Acknowledgments =============== Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management. Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM please see http://www.secure-endpoints.com/netidmgr/roadmap.html A special thanks to Kevin Koch, the newest member of the MIT Kerberos team, for his work on the automated build scripts used to produce this release. Important notice regarding Kerberos 4 support ============================================= In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos at mit.edu mailing list. References [1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45 [2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRjEL9abDgE/zdoE9AQKkCQQA1/+x5dEg2fZx+mn2HDlhXKSdqzvVYoDW lYWdQfZsZKo78orZ/fGAQ2BsZkWmiZYn2LwJLqH3jFWMbKhptebyZkjoWJkGD9nv I2Et4LDbgGe4fX2cXbcIEqkxQKstt7GjINb/cvqaYLKysBEgQ114GS/K7HmYbimx QoFPLsMr3l8= =ECva -----END PGP SIGNATURE----- From tlyu at MIT.EDU Thu May 3 17:59:59 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Thu, 03 May 2007 17:59:59 -0400 Subject: Kerberos for Windows 3.2 is released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The MIT Kerberos Development Team and Secure Endpoints Inc. are proud to announce the release of MIT's Kerberos for Windows product, Version 3.2. Supported Versions of Microsoft Windows ======================================= This release requires 32-bit editions of Microsoft Windows 2000 and higher or the WOW64 environment of 64-bit editions of Microsoft Windows XP and higher. There is no native 64-bit library support in this release. Downloads ========= Binaries and source code can be downloaded from the MIT Kerberos web site: http://web.mit.edu/kerberos/dist/index.html What's New in KFW 3.2: ====================== * Network Identity Manager Application o A simplified basic mode has been added to the "obtain new credentials dialog". The basic mode replaces the credential browser with a button that can be used to access the advanced configuration functions. This advanced mode provides the credential browser and a tabbed view of the configuration dialogs for each of the available credential providers. o A simplified default application view that shows only the status of the active identities. o A new command-line option to netidmgr.exe is available to shutdown a running instance of Network Identity Manager. Specify "-x" or "--exit" to force the existing instance to terminate. o The use of ellipsis on menu items now follows the Windows Style Guide. Ellipsis is only used when additional information is required from the user before carrying out the designated action. If displaying a dialog is the action, no ellipsis is used. o Improved handling of window focus when opening and closing modal dialogs. o Reduce the number of alerts presented to the user by combining duplicates into a single alert. o Do not generate alerts if there is nothing that the user can do to correct the situation. Alerts that are displayed provide actions the user can take if desired. o Renew and Destroy menus provide "All" and "Individual identity names" as choices. o The Renew and Destroy toolbar buttons provide dropdown menus permitting the action to be applied to either "All" or one specific identity. o The "default" action of left clicking the notification icon is now configurable. The default configuration is "open/close NIM window". The alternate is to open the new credentials dialog. This can be specified by the user on the General Options page. o The alerter window can now display multiple alerts simultaneously. o Ensure that the NIM window is displayed on an active desktop. If not, move it to the primary desktop and center it. o New Basic mode display that shows only the state of the identity and its expiration time. Use F7 or View->Advanced to switch to the previous display that is configurable by the user to show details about each credential. o New Color Scheme derived from current Windows Desktop Color Scheme. o Improved display updating algorithms reduce flicker o The proper icon sizes are now used in the information bubble and the status bar. o Task Bar buttons are created for visible windows and dialogs o Plug-in Help can now be added to the Help menu o Improved HtmlHelp user documentation with Indexing o Improved HtmlHelp developer documentation with Indexing o Improved PDF user documentation * Network Identity Manager Kerberos v5 Support o Do not show cached prompts to user if they have expired o Correct the possibility that a krb5_ccache handle might be freed twice. o Import settings from Kerberos Profile if there are no equivalent defaults specified in the registry. Support per-realm settings. o An identity that matches the MSLSA will not renew its credentials from the MSLSA if the user obtained the credentials from elsewhere. o When importing an identity from the MSLSA that has never been seen before, create an entry in the identity database. o Do not attempt to renew non-renewable identities o Permit an identity to be configured as the default identity even if it doesn't have any credentials. * Kerberos v5 Library Improvements o Based on MIT release 1.6+ o On Vista MSLSA: krb5_ccache can be used to store tickets including TGTs for alternative principals to the LSA credential cache o On Vista a more efficient interface for enumerating the contents of the LSA credential cache is available. o Vista support is only built if the Vista SDK version of NTSecAPI.H is used. o On Vista, if a process is UAC limited, the MSLSA will report that no tickets are present in the cache rather than return tickets with invalid session keys. o get_os_ccname() uses GetEnvironmentVariable() instead of getenv() to read the KRB5CCNAME environment variable. This allows the correct default credential cache name to be returned by krb5_cc_default_name(). This works around a problem where a gssapi application would trigger an Obtain New Credentials prompt from NIM only to have it obtain the wrong credential cache. * Winsock Helper Library Improvements o DNS queries that terminate with a dot would not properly match the hostnames listed within the DNS response preventing a successful return. This resulted in "kinit -4" failing to find the KDCs. * Integrated Logon Improvements o Remove the reliance on the Windows Logon Event handler and replace it with a LogonScript that executes kfwlogon.dll via a call to rundll32.exe. This change permits the integrated logon functionality to work on all supported platforms: Windows 2000 to Windows Vista. o Disable the use of integrated logon if the Network Provider is called as a result of a non-interactive logon. The non-interactive logon does not process the specified LogonScript. As a result, the intermediate credential cache file would not be processed nor cleaned up. o Obtained credentials are stored into an API credential cache whose name is API: o Add a debugging mode which when activated logs to the Windows Application Event Log. [HKLM\System\CurrentControlSet\Services\MIT Kerberos\NetworkProvider] DWORD "Debug" * Leash32 Library Changes o Modify the leash functions to use krb5_string_to_deltat() to parse ticket_lifetime and renew_lifetime from the profile. Previously the leash functions expected those fields to be integer representation of minutes without the use of any units. This change is for consistency with KFM and the rest of the krb5 library. o Modify the private functions acquire_tkt_for_princ() and acquire_tkt_no_princ() that are called from gssapi32.dll so that they will work on Windows Vista and so that the MSLSA: principal is only imported if it matches the default identity and no credentials for that identity are present. o Remove all AFS functionality. Microsoft Vista User Account Control (UAC) Restrictions ======================================================= Microsoft Vista UAC mode prevents accounts that are members of the local Administrators group from accessing Kerberos session keys from the LSA credentials cache. The MIT Kerberos MSLSA krb5_ccache type will not report the existence of Kerberos tickets which do not have valid session keys. Users are encouraged to login to Microsoft Vista with accounts that are not members of the local machine Administrators group in order to obtain the best single sign-on experience with MIT Kerberos for Windows and Network Identity Manager. Acknowledgments =============== Thanks to Stanford University for funding Secure Endpoints Inc.'s implementation of many of the Network Identity Manager user experience improvements including the user configurable default action, the revised "Obtain New Credentials" dialog, the new default application view, and the improved alert management. Secure Endpoints Inc. wishes to acknowledge the work of Asanka Herath on Network Identity Manager (NIM). NIM would not be the same without him. For information on Secure Endpoints Inc.'s future plans for NIM please see http://www.secure-endpoints.com/netidmgr/roadmap.html A special thanks to Kevin Koch, the newest member of the MIT Kerberos team, for his work on the automated build scripts used to produce this release. Important notice regarding Kerberos 4 support in MIT Kerberos ============================================================= In the past few years, several developments have shown the inadequacy of the security of version 4 of the Kerberos protocol. These developments have led the MIT Kerberos Team to begin the process of ending support for version 4 of the Kerberos protocol. The plan involves the eventual removal of Kerberos 4 support from the MIT implementation of Kerberos. The Data Encryption Standard (DES) has reached the end of its useful life. DES is the only encryption algorithm supported by Kerberos 4, and the increasingly obvious inadequacy of DES motivates the retirement of the Kerberos 4 protocol. The National Institute of Standards and Technology (NIST), which had previously certified DES as a US government encryption standard, has officially announced[1] the withdrawal of the Federal Information Processing Standards (FIPS) for DES. NIST's action reflects the long-held opinion of the cryptographic community that DES has too small a key space to be secure. Breaking DES encryption by an exhaustive search of its key space is within the means of some individuals, many companies, and all major governments. Consequently, DES cannot be considered secure for any long-term keys, particularly the ticket-granting key that is central to Kerberos. Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit attacks which require far less effort than an exhaustive search of the DES key space. These flaws make Kerberos 4 cross-realm authentication an unacceptable security risk and raise serious questions about the security of the entire Kerberos 4 protocol. The known insecurity of DES, combined with the recently discovered protocol flaws, make it extremely inadvisable to rely on the security of version 4 of the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove support for Kerberos version 4 from the MIT implementation of Kerberos. The process of ending Kerberos 4 support began with release 1.3 of MIT Kerberos 5. In release 1.3, the default run-time configuration of the KDC disables support for version 4 of the Kerberos protocol. Release 1.4 of MIT Kerberos continues to include Kerberos 4 support (also disabled in the KDC with the default run-time configuration), but we intend to completely remove Kerberos 4 support from some future release of MIT Kerberos. The MIT Kerberos Team has ended active development of Kerberos 4, except for the eventual removal of all Kerberos 4 functionality. We will continue to provide critical security fixes for Kerberos 4, but routine bug fixes and feature enhancements are at an end. ** The MIT Kerberos Team has decided that the MIT Kerberos for ** Windows 3.x release series will be the last versions to contain ** Kerberos 4 support. Beginning with 4.0 release, MIT Kerberos for ** Windows will be Kerberos 5 only. At that time MIT will repackage ** the existing Kerberos 4 libraries in a stand-alone installer for ** those organizations that require continued use of Kerberos 4. ** MIT KFW 4.0 is targeted for release during the first quarter of ** 2008. We recommend that any sites which have not already done so begin a migration to Kerberos 5. Kerberos 5 provides significant advantages over Kerberos 4, including support for strong encryption, extensibility, improved cross-vendor interoperability, and ongoing development and enhancement. If you have questions or issues regarding migration to Kerberos 5, we recommend discussing them on the kerberos at mit.edu mailing list. References [1] National Institute of Standards and Technology. Announcing Approval of the Withdrawal of Federal Information Processing Standard (FIPS) 43-3, Data Encryption Standard (DES); FIPS 74, Guidelines for Implementing and Using the NBS Data Encryption Standard; and FIPS 81, DES Modes of Operation. Federal Register 05-9945, 70 FR 28907-28908, 19 May 2005. DOCID:fr19my05-45 [2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed Systems Security Symposium. The Internet Society, February 2004. http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf Changes since Beta 3 ==================== (1) The krb5 api functions krb5_get_init_creds_password and krb5_get_init_creds_keytab permit the krb5_get_init_creds_opt pointer to be NULL. This case was not handled properly. Changes since Beta 2 ==================== (1) A race condition in krb5_get_creds_from_kdc_opt() resulting in a memory access error was fixed that could be triggered if two service tickets are being obtained simultaneously via a cross-realm path of three or more realms and if the KDC rejects requests with the canonicalize flag (MIT Kerberos v5 releases older than 1.3.2) (2) The profile library when storing a profile from memory to a file failed to double quote the null string value on the right hand side of an entry. This would result in a profile file that could not be parsed. Changes since Beta 1 ==================== (1) Updated HtmlHelp user documentation with basic indexing (2) Updated PDF user documentation (3) Fix the Kerberos v4 configuration panel in the Obtain New Credentials dialog so that it works even if the global use Kerberos v4 flag says not to. (4) Initialize the default identity from existing credentials if there has never been a default identity specified before (5) Renew identities that are imported from MSLSA by importing if and only if the user did not manually obtain credentials for the same identity later on. (6) When renewing an identity that was imported from the MSLSA, if the credentials are expired (or otherwise not useful) initialize the MSLSA ccache and try again. (7) Improvements in hot spot handling (8) Improvements in Advanced view column sort order handling (9) Add a Taskbar button to the main window and the obtain new credentials and change password dialogs (10) Add a vertical scrollbar to the realm list in the Obtain New Credentials and Change Password dialogs (11) File Version information was missing from a number of the Kerberos utility commands. (12) The NIM About dialog could not be closed via Alt-F4 (13) The Integrated Logon Event Log name was changed to "MIT Kerberos". Logging of failure to find the "Debug" registry value was removed. Use case-insensitive tests for the Windows Station to ensure that the "interactive" state can be properly determined on Vista. Clean up orphaned cache files (older than five minutes.) Properly find the kfwcpcc.exe executable. (14) Significantly improved Network Identity Manager Developer documentation. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRjpbYqbDgE/zdoE9AQKbfgP/f+T/6ZAcvdZR3fA6at8sxkl8lOngkT69 1GfuG4nO18JWVlC0qASRZ6kqeidZ1+XMM3qWvdLbyut2GrxEpcuGYmr3x2JKXSKO bTbNpZIZXlFjYVzSAfLYokKgqOjC06CVlXC/Vb0G1L0syYC0hXdeofmJC5guMqGo EYIxBlopK9I= =Ba0e -----END PGP SIGNATURE----- From tlyu at MIT.EDU Tue Jun 26 14:01:21 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Tue, 26 Jun 2007 14:01:21 -0400 Subject: MITKRB5-SA-2007-004: kadmind multiple RPC lib vulnerabilities Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-004 Original release: 2007-06-26 Last update: 2007-06-26 Topic: kadmind affected by multiple RPC library vulnerabilities Severity: CRITICAL CVE: CVE-2007-2442 CERT: VU#356961 CVE: CVE-2007-2443 CERT: VU#365313 SUMMARY ======= The MIT krb5 Kerberos administration daemon (kadmind) is affected by multiple vulnerabilities in the RPC library shipped with MIT krb5. CVE-2007-2442/VU#356961: The RPC library can free an uninitialized pointer. This may lead to execution of arbitrary code. CVE-2007-2443/VU#365313: The RPC library can write past the end of a stack buffer. This may (but is unlikely to) lead to execution of arbitrary code. Third-party applications using the RPC library provided with MIT krb5 may also be vulnerable. Other RPC libraries derived from SunRPC may be vulnerable to CVE-2007-2443. Exploitation of these vulnerabilities is believed to be difficult. (See DETAILS.) Proof-of-concept exploits which do not cause execution of unintended code exist but are not known to be publicly circulated. This is a bug in the RPC library included with MIT krb5, which is used by kadmind and by some third-party applications. It is not a bug in the Kerberos protocol. IMPACT ====== An unauthenticated remote user may be able to cause a host running kadmind to execute arbitrary code. CVE-2007-2442 is more likely to lead to arbitrary code execution than CVE-2007-2443. Successful exploitation can compromise the Kerberos key database and host security on the host running these programs. (kadmind typically runs as root.) Unsuccessful exploitation attempts will likely result in the affected program crashing. Third-party applications calling the RPC library provided with MIT krb5 may be vulnerable. Other RPC libraries derived from SunRPC may be vulnerable. AFFECTED SOFTWARE ================= * kadmind from MIT releases up to and including krb5-1.6.1 * third-party applications calling the RPC library included in MIT releases up to and including krb5-1.6.1 FIXES ===== * The upcoming krb5-1.6.2 release, as well as the upcoming krb5-1.5.4 maintenance release, will contain fixes for this vulnerability. Prior to that release you may: * apply the patch This patch is also available at http://web.mit.edu/kerberos/advisories/2007-004-patch.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc *** src/lib/rpc/svc_auth_gssapi.c (revision 20015) - --- src/lib/rpc/svc_auth_gssapi.c (local) *************** *** 149,154 **** - --- 149,156 ---- rqst->rq_xprt->xp_auth = &svc_auth_none; memset((char *) &call_res, 0, sizeof(call_res)); + creds.client_handle.length = 0; + creds.client_handle.value = NULL; cred = &msg->rm_call.cb_cred; verf = &msg->rm_call.cb_verf; *** src/lib/rpc/svc_auth_unix.c (revision 20015) - --- src/lib/rpc/svc_auth_unix.c (local) *************** *** 64,71 **** char area_machname[MAX_MACHINE_NAME+1]; int area_gids[NGRPS]; } *area; ! u_int auth_len; ! int str_len, gid_len; register int i; rqst->rq_xprt->xp_auth = &svc_auth_none; - --- 64,70 ---- char area_machname[MAX_MACHINE_NAME+1]; int area_gids[NGRPS]; } *area; ! u_int auth_len, str_len, gid_len; register int i; rqst->rq_xprt->xp_auth = &svc_auth_none; *************** *** 74,80 **** aup = &area->area_aup; aup->aup_machname = area->area_machname; aup->aup_gids = area->area_gids; ! auth_len = (u_int)msg->rm_call.cb_cred.oa_length; xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); buf = XDR_INLINE(&xdrs, (int)auth_len); if (buf != NULL) { - --- 73,81 ---- aup = &area->area_aup; aup->aup_machname = area->area_machname; aup->aup_gids = area->area_gids; ! auth_len = msg->rm_call.cb_cred.oa_length; ! if (auth_len > INT_MAX) ! return AUTH_BADCRED; xdrmem_create(&xdrs, msg->rm_call.cb_cred.oa_base, auth_len,XDR_DECODE); buf = XDR_INLINE(&xdrs, (int)auth_len); if (buf != NULL) { *************** *** 84,90 **** stat = AUTH_BADCRED; goto done; } ! memmove(aup->aup_machname, (caddr_t)buf, (u_int)str_len); aup->aup_machname[str_len] = 0; str_len = RNDUP(str_len); buf += str_len / BYTES_PER_XDR_UNIT; - --- 85,91 ---- stat = AUTH_BADCRED; goto done; } ! memmove(aup->aup_machname, buf, str_len); aup->aup_machname[str_len] = 0; str_len = RNDUP(str_len); buf += str_len / BYTES_PER_XDR_UNIT; *************** *** 104,110 **** * timestamp, hostname len (0), uid, gid, and gids len (0). */ if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { ! (void) printf("bad auth_len gid %d str %d auth %d\n", gid_len, str_len, auth_len); stat = AUTH_BADCRED; goto done; - --- 105,111 ---- * timestamp, hostname len (0), uid, gid, and gids len (0). */ if ((5 + gid_len) * BYTES_PER_XDR_UNIT + str_len > auth_len) { ! (void) printf("bad auth_len gid %u str %u auth %u\n", gid_len, str_len, auth_len); stat = AUTH_BADCRED; goto done; REFERENCES ========== This announcement is posted at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVE: CVE-2007-2442 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442 CVE: CVE-2007-2443 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443 CERT: VU#356961 http://www.kb.cert.org/vuls/id/356961 CERT: VU#365313 http://www.kb.cert.org/vuls/id/365313 ACKNOWLEDGMENTS =============== We thank McAfee, Inc. for the initial notification. Wei Wang of McAfee Avert Labs discovered these vulnerabilities. DETAILS ======= CVE-2007-2442: The function gssrpc__svcauth_gssapi() in src/lib/rpc/svc_auth_gssapi.c declares an automatic variable "creds" of type auth_gssapi_creds. This type includes a gss_buffer_desc (which includes a pointer to void used as a pointer to a buffer of bytes). If gssrpc__svcauth_gssapi() receives an RPC credential with a length of zero, it jumps to the label "error", which executes some cleanup code. At this point, the gss_buffer_desc in "creds" is not yet initialized, and the cleanup code calls xdr_free() on "creds", which then attempts to free the memory pointed to by the uninitialized "value" member of the gss_buffer_desc. Exploitation of freeing of invalid pointers is believed to be difficult, and depends on a variety of factors specific to a given malloc implementation. CVE-2007-2443: The function gssrpc__svcauth_unix() in src/lib/rpc/svc_auth_unix.c stores an unsigned integer obtained from IXDR_GET_U_LONG into a signed integer variable "str_len". Subsequently, it checks that "str_len" is less than MAX_MACHINE_NAME, which will always be true of "str_len" is negative, which can happen when a large unsigned integer is converted to a signed integer. Once the length check succeeds, gssrpc__svcauth_unix() calls memmove() with a length of "str_len" with the target in a stack buffer. This vulnerability is believed to be difficult to exploit because the memmove() implementation receives a very large number (a negative integer converted to a large unsigned value), which will almost certainly cause some sort of memory access fault prior to returning. This probably avoids any usage of the corrupted return address in the overwritten stack frame. Note that some (perhaps unlikely) memmove() implementations may call other procedures and thus may be vulnerable to corrupted return addresses. REVISION HISTORY ================ 2007-06-26 original release Copyright (C) 2007 Massachusetts Institute of Technology -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRoFJz6bDgE/zdoE9AQL7gAP9E854ZZEi6Vk4sl0CbNYW3UifSZd4MQy2 djW5S/sO93k0Tji/+VQwyG5iIiWIsfotaS66ZuU80K8YTiEfXmyDp81uUUvRMJFT 8i4/L1yf43gA49GF8PV3QqS5QmzMoz8x0vp9OyUq4S/Yh4MpkcnTHW9xU1Fxdhe/ ZJxXE06kRIU= =Fcvv -----END PGP SIGNATURE----- From tlyu at MIT.EDU Tue Jun 26 14:01:27 2007 From: tlyu at MIT.EDU (Tom Yu) Date: Tue, 26 Jun 2007 14:01:27 -0400 Subject: MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-005 Original release: 2007-06-26 Last update: 2007-06-26 Topic: kadmind vulnerable to buffer overflow Severity: CRITICAL CVE: CVE-2007-2798 CERT: VU#554257 SUMMARY ======= The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow. Exploitation of overflows of stack buffers is known to be simple. We have received a proof-of-concept exploit which may invoke a shell, but we believe that this exploit is not publicly circulated. This is a bug in kadmind in MIT krb5. It is not a bug in the Kerberos protocol. IMPACT ====== An authenticated remote user may be able to cause a host running kadmind to execute arbitrary code. Successful exploitation can compromise the Kerberos key database and host security on the KDC host. (kadmind typically runs as root.) Unsuccessful exploitation attempts will likely result in kadmind crashing. AFFECTED SOFTWARE ================= * kadmind from MIT releases up to and including krb5-1.6.1 FIXES ===== * The upcoming krb5-1.6.2 release, as well as the upcoming krb5-1.5.4 maintenance release, will contain fixes for this vulnerability. Prior to that release you may: * apply the patch This patch has the patch in MITKRB5-SA-2007-002 as a prerequisite. The krb5-1.6.1 and krb5-1.5.3 releases already contains the prerequisite patch. This patch is also available at http://web.mit.edu/kerberos/advisories/2007-005-patch.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2007-005-patch.txt.asc *** src/kadmin/server/server_stubs.c (revision 20024) - --- src/kadmin/server/server_stubs.c (local) *************** *** 545,557 **** static generic_ret ret; char *prime_arg1, *prime_arg2; - - char prime_arg[BUFSIZ]; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; char *errmsg; xdr_free(xdr_generic_ret, &ret); - --- 545,558 ---- static generic_ret ret; char *prime_arg1, *prime_arg2; gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; char *errmsg; + size_t tlen1, tlen2, clen, slen; + char *tdots1, *tdots2, *cdots, *sdots; xdr_free(xdr_generic_ret, &ret); *************** *** 572,578 **** ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } ! sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2); ret.code = KADM5_OK; if (! CHANGEPW_SERVICE(rqstp)) { - --- 573,586 ---- ret.code = KADM5_BAD_PRINCIPAL; goto exit_func; } ! tlen1 = strlen(prime_arg1); ! trunc_name(&tlen1, &tdots1); ! tlen2 = strlen(prime_arg2); ! trunc_name(&tlen2, &tdots2); ! clen = client_name.length; ! trunc_name(&clen, &cdots); ! slen = service_name.length; ! trunc_name(&slen, &sdots); ret.code = KADM5_OK; if (! CHANGEPW_SERVICE(rqstp)) { *************** *** 590,597 **** } else ret.code = KADM5_AUTH_INSUFFICIENT; if (ret.code != KADM5_OK) { ! log_unauth("kadm5_rename_principal", prime_arg, ! &client_name, &service_name, rqstp); } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); - --- 598,612 ---- } else ret.code = KADM5_AUTH_INSUFFICIENT; if (ret.code != KADM5_OK) { ! krb5_klog_syslog(LOG_NOTICE, ! "Unauthorized request: kadm5_rename_principal, " ! "%.*s%s to %.*s%s, " ! "client=%.*s%s, service=%.*s%s, addr=%s", ! tlen1, prime_arg1, tdots1, ! tlen2, prime_arg2, tdots2, ! clen, client_name.value, cdots, ! slen, service_name.value, sdots, ! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); *************** *** 600,607 **** else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); ! log_done("kadm5_rename_principal", prime_arg, errmsg, ! &client_name, &service_name, rqstp); } free_server_handle(handle); free(prime_arg1); - --- 615,629 ---- else errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); ! krb5_klog_syslog(LOG_NOTICE, ! "Request: kadm5_rename_principal, " ! "%.*s%s to %.*s%s, %s, " ! "client=%.*s%s, service=%.*s%s, addr=%s", ! tlen1, prime_arg1, tdots1, ! tlen2, prime_arg2, tdots2, errmsg, ! clen, client_name.value, cdots, ! slen, service_name.value, sdots, ! inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); } free_server_handle(handle); free(prime_arg1); REFERENCES ========== This announcement is posted at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-005.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVE: CVE-2007-2798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798 CERT: VU#554257 http://www.kb.cert.org/vuls/id/554257 ACKNOWLEDGMENTS =============== We thank iDefense for the initial notification. iDefense credits an anonymous discoverer. DETAILS ======= The kadmind code which performs the principal renaming operation passes unchecked string arguments to a sprintf() call which has a fixed-size stack buffer as its destination. These strings are the old and new principal names passed to the rename operation. The attacker needs to authenticate to kadmind to perform this attack, but no administrative privileges are required because the vulnerable code executes prior to privilege verification. REVISION HISTORY ================ 2007-06-26 original release Copyright (C) 2007 Massachusetts Institute of Technology -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (SunOS) iQCVAwUBRoFJ16bDgE/zdoE9AQJKkQP/V95mZTlvUeuc1+Pw6m3vx+0jd2yGdR9Y NiM1Kfe80u4TjvXIkCLLrIwE2E8+xSjEpGsG0EBqlRpAKOMtXyfzySYF4RdQl8QI 42joEAhYO4sk4xueb9ZC/GW1BCOobkvH+Apq1mXEndfeM/7QHRo/MJRZry8aek8r Xfd3cRNQogQ= =JE8k -----END PGP SIGNATURE-----