Bugtraq mailing list archives

Re: Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC


From: mikef () ACK BERKELEY EDU (Mike Friedman)
Date: Fri, 9 Jun 2000 14:15:39 -0700


On Fri Jun  9 12:08:59 2000, Tom Yu said:

      MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC

Tom,

I notice that an earlier patch (see below) to the kerberos_v4.c module
wasn't incorporated into this patch for 1.0.x.  The earlier problem would
allow any user, anywhere, to crash a KDC by just constructing a V4 AS
request for a principal containing a string of '%s's.  I applied the fix
for that some time ago on my system, but I don't see it in the new patch.
(Fortunately, it's just a change to one line of code, so it shouldn't mess
up the line sequencing for applying this new patch).

That fix *has* been carried forward in the new 1.1.1 patch;  unfortunately
I'm still running 1.0.6!

Mike

=============
*** kerberos_v4.c.orig  Mon May 10 20:35:13 1999
--- kerberos_v4.c       Tue Jul 13 08:41:28 1999
***************
*** 253,259 ****
      case L_APPL_REQ:
        strcpy(log_text, "PROCESS_V4:");
        vsprintf(log_text+strlen(log_text), format, pvar);
!       krb5_klog_syslog(logpri, log_text);
      /* ignore the other types... */
      }
      va_end(pvar);
--- 253,259 ----
      case L_APPL_REQ:
        strcpy(log_text, "PROCESS_V4:");
        vsprintf(log_text+strlen(log_text), format, pvar);
!       krb5_klog_syslog(logpri, "%s", log_text);
      /* ignore the other types... */
      }
      va_end(pvar);
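
Review bot: The unchanged context line `vsprintf(log_text+strlen(log_text), format, pvar);` directly above the changed line still expands its arguments into log_text with no length limit, so this one-line change closes the format-string path into krb5_klog_syslog but leaves the buffer write unbounded. The size of log_text is not visible in this hunk; if it is a fixed-size array, replace the vsprintf with vsnprintf limited to the space remaining after the "PROCESS_V4:" prefix. Passing "%s" as the format in the changed line is the right fix for the crash described above, and any other krb5_klog_syslog call in this file that passes a pre-built string as its format argument should get the same treatment.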

----------------------------------------------------------------------------
Mike Friedman                             mikef () ack Berkeley EDU
Communication & Network Services          +1-510-642-1410
University of California at Berkeley      http://ack.Berkeley.EDU/~mikef
----------------------------------------------------------------------------

