Several buffer overflow vulnerabilities exist in MIT Kerberos 5 implmenetations due to buffer overflows in the Kerberos 4 compatability code.
- A remote user may gain unauthorized root access to a machine running services authenticated with Kerberos 4.
- A remote user may gain unauthorized root access to a machine running krshd, regardless of whether the program is configured to accept Kerberos 4 authentication.
- A local user may gain unauthorized root access by exploiting v4rcp or ksu.
The MIT Kerberos Team has been made aware of a security vulnerability in the Kerberos 4 compatibility code contained within the MIT Kerberos 5 source distributions. This vulnerability consists of a buffer overrun in the krb_rd_req() function, which is used by essentially all Kerberos-authenticated services that use Kerberos 4 for authentication. It is possible for an attacker to gain root access over the network by exploiting this vulnerability.
The best course of action is to patch the code in the krb4 library, in addition to patching the code in the krshd program. The following patches include some less essential patches that also affect buffer overruns in potentially vulnerable code, but for which exploits are somewhat more difficult to construct.
Please note that there are two sets of patches in this file that apply against identically named files in two different releases. You should separate out the patch set that is relevant to you prior to applying them; otherwise, you may inadvertently patch some files twice. Patches can be found at the
MIT will soon release krb5-1.2, which will have these changes incorporated.