多个厂商Kerberos 5/Kerberos 4 兼容问题的krb_rd_req()函数的缓冲区溢出漏洞

漏洞信息详情

多个厂商Kerberos 5/Kerberos 4 兼容问题的krb_rd_req()函数的缓冲区溢出漏洞

• CNNVD编号：CNNVD-200005-057
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2000-0389
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2000-05-16
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-07-27
  
• 厂        商：
  
  cygnus
• 漏洞来源：
  ‘);”>This vulnerability…

Kerberos 4 and 5 的krb_rd_req函数存在缓冲区溢出漏洞，远程攻击者可以利用这个漏洞获取根权限。

MIT will release krb5-1.2 shortly, which will remedy these problems in the MIT codebase. Patches are available against krb5-1.0.x., and krb5-1.1.1
Users upgrading to krb5-1.1.1 and compiling with the –without-krb4 option also need to apply patches against the login program to prevent a dangling else clause.
Removing the setuid bit on the v4rcp binary will eliminate that specific vulnerability under RedHat Linux 6.2. It will not remove additional problems present if Kerberos is installed.
Any users still using FreeBSD 2.2.5 and who have installed the optional Kerberos distribution are urged to upgrade to 2.2.8-STABLE or later. Note however that FreeBSD 2.x is no longer an officially supported version, nor are security fixes always provided.
RedHat has released patches. See the RedHat advisory
http://www.redhat.com/support/errata/RHSA-2000-025.html
MIT Kerberos 5 5.0 -1.0.x

• MIT krb5-1.0.x.patch
  
  http://www.securityfocus.com/data/vulnerabilities/patches/krb5-1.0.x.p
  atch

MIT Kerberos 5 5.0 -1.1.1

• MIT krb5-1.1.1.patch
  
  http://www.securityfocus.com/data/vulnerabilities/patches/krb5-1.1.1.p
  atch

来源:CERT/CC Advisory: CA-2000-06
名称: CA-2000-06
链接:http://www.cert.org/advisories/CA-2000-06.html

来源: BID
名称: 1220
链接:http://www.securityfocus.com/bid/1220

来源: REDHAT
名称: RHSA-2000:025
链接:http://www.redhat.com/support/errata/RHSA-2000-025.html

来源: FREEBSD
名称: FreeBSD-SA-00:20
链接:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html

来源: BUGTRAQ
名称: 20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html