Article

Sun closes Kerberos-related security holes in Solaris 9

Bill Brenner

Sun Microsystems said Solaris 9 users should apply a patch it issued Tuesday to protect systems against vulnerabilities in the Kerberos Key Distribution Center (KDC) and Kerberos V5 libraries.

Paul Sangster, senior Solaris security architect for the Santa Clara, Calif.-based company, said the vulnerabilities would be difficult to exploit and he's unaware of attempts to do so. "However," he said, "we strongly encourage customers to apply the patch because any exploit of a Kerberos [Key Distribution Center] could be costly."

Noting that the KDC houses the secret keys that enable Kerberos to be safely used, Sangster added, "The patch should be applied to all systems using Kerberos… in addition to the KDC."

Sangster said Sun discovered the

    Requires Free Membership to View

vulnerabilities while doing a security review of the code this past summer. The Massachusetts Institute of Technology (MIT) Kerberos Team issued advisories on the vulnerabilities Aug. 31, warning that Kerberos 5 software could allow an attacker to launch arbitrary code or put machines into an endless loop.

The first advisory described a "double-free" vulnerability in the KDC program a remote attacker could use to execute arbitrary code. "Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC," the advisory said. "Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable."

The second advisory described flaws in the ASN.1 decoder library an attacker could exploit to cause a denial of service or an infinite loop in the decoder. The KDC is also vulnerable to this attack. "An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop," the advisory said. "An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop."

The patch Sun released fixes the problem in Solaris 9 on the SPARC and x86 platforms.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: