漏洞信息详情
MIT Kerberos 5 KAdminD 安全漏洞
- CNNVD编号:CNNVD-200706-445
- 危害等级: 超危
- CVE编号: CVE-2007-2443
- 漏洞类型: 其他
- 发布时间: 2006-06-01
- 威胁类型:
- 更新时间: 2021-02-03
- 厂 商: mit
- 漏洞来源: Wei Wang
漏洞简介
MIT Kerberos是美国麻省理工(MIT)的一个用于在网络集群中进行身份验证的软件。Kerberos 同时作为一种网络认证协议,其设计目标是通过密钥系统为客户机 / 服务器应用程序提供强大的认证服务。
Kerberos在处理RPC接口上的数据类型转换时存在安全漏洞,远程攻击者可能利用此漏洞控制服务器或导致拒绝服务。
Kerberos src/lib/rpc/svc_auth_unix.c文件中的gssrpc__svcauth_unix()函数将从IXDR_GET_U_LONG获得的无符整数存储到了有符整型变量str_len,然后检查str_len是否小于MAX_MACHINE_NAME,当将很大的无符整型转换为有符整型时str_len总为负值。一旦通过了长度检查,gssrpc__svcauth_unix()就会用str_len的长度调用memmove(),目标为栈中缓冲区。
这个漏洞很难被利用,因为memmove()实现接收到了很大数值的话就会在返回之前出现内存访问错误,导致无法利用被覆盖栈帧中被破坏的返回地址。但有些memmove()实现也可能调用其他过程,因此可以利用被破坏的返回地址。
成功攻击可能导致完全入侵Kerberos密钥数据库,破坏KDC主机的安全性(kadmind通常以root权限运行),不成功的攻击也会导致kadmind崩溃。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1323-1)以及相应补丁:
DSA-1323-1:New krb5 packages fix several vulnerabilities
链接:
http://www.debian.org/security/2007/dsa-1323
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge5.dsc
Size/MD5 checksum:782 b600466763baa4f89a8fed5a832eb9d3
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge5.diff.gz
Size/MD5 checksum: 669293 0e9dfa39e8db2e0ce871ba40c46c925e
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz
Size/MD5 checksum:6526510 7974d0fc413802712998d5fc5eec2919
Architecture independent components:
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge5_all.deb
Size/MD5 checksum: 718836 58c01536ff87db5d3492264349fe844c
Alpha architecture:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum: 115250 ac5498fab92f1047f47f45bb8269fcee
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum: 247680 f5201ab228a84b6f25ed42e422f6fd92
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum:62994 fd67dbebb83e11fe7a8d35b4a5209293
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum: 137138 d44e84b8e1c36215644d8224ae685e96
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum:89720 a4b4f7829ef043e7013887fdb967606f
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum:72246 cf93e00c42669deba711fcfbde5285c8
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum: 144880 e71073e49208fae27ef0a20c7920ad48
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum: 201848 7e5171239d1e3970665029a2286acbb4
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum: 861082 4017652625bc8408d5e1eb3f056699c4
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_alpha.deb
Size/MD5 checksum: 422580 385ae85ece57a191de28006b2b1ed342
AMD64 architecture:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum: 104806 d3cb00189b4a3860ed2c89620733d4bb
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum: 216896 c33630904c3b747231ab395734213076
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum:56952 7a55c1a696cf6d7afe84fdbc0ecc59c5
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum: 124744 600f391ee2adc80b057309ccd45b0748
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum:82710 8baedacdf63faf0bf27c41997f15a0d7
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum:63508 9b9d4ab137302d171649de86dbd5f2a7
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum: 137754 536e88b5bdab0b8385fdd151d7295555
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum: 177638 47af31f544051191e34a81bb230f3e69
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum: 652300 64c39da5cd28173831c590c1a61024e1
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_amd64.deb
Size/MD5 checksum: 369328 e69e658a600a340b7a981052cc93ba9f
ARM architecture:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_arm.deb
Size/MD5 checksum:93646 faaef2bab601737cacaf68e76e3dbf34
http://security.debian.org/pool/updates/main/k/krb5/krb5-clien
参考网址
来源:SECUNIA
链接:http://secunia.com/advisories/25801
来源:SECUNIA
链接:http://secunia.com/advisories/25800
来源:SECUNIA
链接:http://secunia.com/advisories/25888
来源:SECUNIA
链接:http://secunia.com/advisories/27706
来源:UBUNTU
链接:http://www.ubuntu.com/usn/usn-477-1
来源:CONFIRM
链接:http://docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/article.HTML?artnum=306172
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2010/1574
来源:HP
链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427
来源:SECUNIA
链接:http://secunia.com/advisories/25894
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/35085
来源:CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce//2007/Jul/msg00004.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/25890
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA07-177A.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/25911
来源:REDHAT
链接:http://www.redhat.com/support/errata/RHSA-2007-0562.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/40346
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7131
来源:CONFIRM
链接:https://secure-support.novell.com/KanisaPlatform/Publishing/773/3248163_f.SAL_Public.HTML
来源:TRUSTIX
链接:http://www.trustix.org/errata/2007/0021/
来源:SECTRACK
链接:http://www.securitytracker.com/id?1018293
来源:REDHAT
链接:http://www.redhat.com/support/errata/RHSA-2007-0384.HTML
来源:GENTOO
链接:http://security.gentoo.org/glsa/glsa-200707-11.xml
来源:SECUNIA
链接:http://secunia.com/advisories/25821
来源:DEBIAN
链接:https://www.debian.org/security/2007/dsa-1323
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/472432/100/0/threaded
来源:SECUNIA
链接:http://secunia.com/advisories/25870
来源:OSVDB
链接:http://osvdb.org/36597
来源:BID
链接:https://www.securityfocus.com/bid/24657
来源:BID
链接:https://www.securityfocus.com/bid/25159
来源:SECUNIA
链接:http://secunia.com/advisories/25814
来源:SECUNIA
链接:http://secunia.com/advisories/26228
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2007/2491
来源:SECUNIA
链接:http://secunia.com/advisories/26909
来源:CONFIRM
链接:https://issues.rpath.com/browse/RPL-1499
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2007/2732
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2007/3229
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/472288/100/0/threaded
来源:SUSE
链接:http://www.novell.com/linux/security/advisories/2007_38_krb5.HTML
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/472507/30/5970/threaded
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2007/2337
来源:FULLDISC
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.HTML
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11277
来源:SECUNIA
链接:http://secunia.com/advisories/26235
来源:CONFIRM
链接:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-004.txt
来源:CERT-VN
链接:http://www.kb.cert.org/vuls/id/365313
来源:CONFIRM
链接:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt
来源:MANDRIVA
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:137
来源:SECUNIA
链接:http://secunia.com/advisories/26033
受影响实体
- Mit Kerberos:5-1.6.1
补丁
暂无
评论