Bugtraq mailing list archives
Re: Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
From: mikef () ACK BERKELEY EDU (Mike Friedman)
Date: Fri, 9 Jun 2000 14:15:39 -0700
On Fri Jun 9 12:08:59 2000, Tom Yu said:
MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Tom, I notice that an earlier patch (see below) to the kerberos_v4.c module wasn't incorporated into this patch for 1.0.x. The earlier problem would allow any user, anywhere, to crash a KDC by just constructing a V4 AS request for a principal containing a string of '%s's. I applied the fix for that some time ago on my system, but I don't see it in the new patch. (Fortunately, it's just a change to one line of code, so it shouldn't mess up the line sequencing for applying this new patch). That fix *has* been carried forward in the new 1.1.1 patch; unfortunately I'm still running 1.0.6! Mike ============= *** kerberos_v4.c.orig Mon May 10 20:35:13 1999 --- kerberos_v4.c Tue Jul 13 08:41:28 1999 *************** *** 253,259 **** case L_APPL_REQ: strcpy(log_text, "PROCESS_V4:"); vsprintf(log_text+strlen(log_text), format, pvar); ! krb5_klog_syslog(logpri, log_text); /* ignore the other types... */ } va_end(pvar); --- 253,259 ---- case L_APPL_REQ: strcpy(log_text, "PROCESS_V4:"); vsprintf(log_text+strlen(log_text), format, pvar); ! krb5_klog_syslog(logpri, "%s", log_text); /* ignore the other types... */ } va_end(pvar); ---------------------------------------------------------------------------- Mike Friedman mikef () ack Berkeley EDU Communication & Network Services +1-510-642-1410 University of California at Berkeley http://ack.Berkeley.EDU/~mikef ----------------------------------------------------------------------------
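Review bot: In the L_APPL_REQ case, the two unchanged lines just above the changed call (the strcpy of "PROCESS_V4:" followed by vsprintf(log_text+strlen(log_text), format, pvar)) still expand request-derived text into log_text with no length limit, and the size of log_text is not visible in this hunk. Passing "%s" as the format to krb5_klog_syslog stops the logged text from being interpreted as a format string, but it does not bound that earlier write. Suggest confirming the buffer size against the longest principal string the V4 path can log, or switching to a bounded call such as vsnprintf where the platform provides one. Since only this one case is shown, it is also worth checking the other krb5_klog_syslog call sites in kerberos_v4.c for a non-literal format argument.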