Kerberos Administration Daemon Remote Buffer Overflow Vulnerability

Vulnerability Details

Summary

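Kerberos is a network authentication protocol developed by the Massachusetts Institute of Technology (MIT). It uses a client/server architecture in which the client and the server can each authenticate the other (mutual authentication), and it protects against eavesdropping and replay attacks. The Kerberos administration daemon (usually called kadmind) handles password changes and other requests to modify the Kerberos database.
The Kerberos 4 administration protocol does not sufficiently check data read from network requests. A remote attacker can exploit this to cause a buffer overflow and execute arbitrary commands on the system with the privileges of the kadmind process (usually root).
When the Kerberos 4 administration protocol reads data from a network request and passes it as an argument to a memcpy() call, it does not perform correct buffer bounds checking. An attacker can submit a large amount of data to corrupt a buffer allocated on the stack; carefully constructed data can overwrite the stack return address and execute arbitrary commands on the system with the privileges of the kadmind process (usually root). The attacker needs no authentication credentials to exploit this vulnerability.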
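
The missing bounds check described above, as an added example that is not part of the original advisory and is not kadmind source code: a constructed request with a 2-byte length prefix (a hypothetical wire format, not the Kerberos 4 administration protocol) is copied into a fixed buffer, first in the unchecked form and then with the checks that reject a bad length. The names REQ_BUF_SIZE, copy_request_unchecked, copy_request_checked and try_packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REQ_BUF_SIZE 256  /* hypothetical size of the fixed request buffer */

/* Unsafe pattern: the peer-supplied length goes straight into memcpy().
 * Shown for contrast only; nothing in this example calls it. */
void copy_request_unchecked(uint8_t *dst, const uint8_t *pkt)
{
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    memcpy(dst, pkt + 2, claimed);  /* can run past dst and past pkt */
}

/* Hardened form: returns the payload length, or -1 if the request is rejected. */
int copy_request_checked(uint8_t *dst, size_t dst_len,
                         const uint8_t *pkt, size_t pkt_len)
{
    size_t claimed;
    if (dst == NULL || pkt == NULL || pkt_len < 2)
        return -1;                  /* no complete length prefix */
    claimed = ((size_t)pkt[0] << 8) | pkt[1];
    if (claimed > pkt_len - 2)
        return -1;                  /* claims more bytes than were received */
    if (claimed > dst_len)
        return -1;                  /* would overflow the destination */
    memcpy(dst, pkt + 2, claimed);
    return (int)claimed;
}

/* Build a constructed packet that claims `claimed` payload bytes but
 * carries `carried`, then run it through the checked copy. */
int try_packet(uint16_t claimed, size_t carried)
{
    static uint8_t pkt[2 + 1024];
    uint8_t dst[REQ_BUF_SIZE];
    if (carried > sizeof pkt - 2)
        return -2;                  /* sample larger than this demo supports */
    pkt[0] = (uint8_t)(claimed >> 8);
    pkt[1] = (uint8_t)(claimed & 0xff);
    memset(pkt + 2, 'A', carried);
    return copy_request_checked(dst, sizeof dst, pkt, 2 + carried);
}

int main(void)
{
    return (try_packet(4, 4) == 4 && try_packet(1024, 1024) == -1 &&
            try_packet(64, 2) == -1) ? 0 : 1;
}
```

The two rejections are distinct: one compares the claimed length with the bytes actually received, the other with the destination size, and both are needed before the copy.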
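Both the Massachusetts Institute of Technology (MIT) and the Kungl Tekniska Högskolan (KTH) Kerberos implementations contain this vulnerability, so all other implementations derived from the MIT or KTH code are affected as well. In MIT Kerberos 5, the Kerberos 4 administration daemon is implemented in kadmind4; in KTH Kerberos 4 (eBones), the Kerberos administration daemon is implemented by kadmind. KTH Kerberos 5 (Heimdal) also implements it in kadmind.
According to reports, exploit code already exists. The following link contains attack signature information:
http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt
Links:
http://www.cert.org/advisories/CA-2002-29.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NETBSD-SA2002-026.txt.asc
http://www.debian.org/security/2002/dsa-184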

Vulnerability Advisory

Workarounds:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the risk:

* If the Kerberos 4 administration protocol is not needed, disable support for it. In MIT Kerberos 5 this is done by disabling kadmind4. To disable all Kerberos 4 support when building MIT Kerberos 5, see:

http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.6/doc/install.html#SEC24

In KTH Heimdal, kadmind must be recompiled to disable support for the Kerberos 4 administration protocol. To disable all Kerberos 4 support when building KTH Heimdal, see:

http://www.pdc.kth.se/heimdal/heimdal.html#Building%20and%20Installing

* Use access controls to block untrusted networks from reaching the Kerberos administration service. By default the Kerberos 4 administration daemon listens on TCP/751 and UDP/751, and the Kerberos 5 administration daemon listens on 749/tcp and 749/udp.

Vendor patches:
Conectiva
---------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:

http://distro.conectiva.com/atualizacoes/
Debian
------
Debian has released a security advisory (DSA-184-1) and corresponding patches for this issue:

DSA-184-1: New krb4 packages fix buffer overflow

Link: http://www.debian.org/security/2002/dsa-184

References

Source: CERT/CC Advisory: CA-2002-29
Name: CA-2002-29
Link: http://www.cert.org/advisories/CA-2002-29.html

Source: US-CERT Vulnerability Note: VU#875073
Name: VU#875073
Link: http://www.kb.cert.org/vuls/id/875073

Source: BID
Name: 6024
Link: http://www.securityfocus.com/bid/6024

Source: DEBIAN
Name: DSA-184
Link: http://www.debian.org/security/2002/dsa-184

Source: BUGTRAQ
Name: 20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=103539530729206&w=2

Source: REDHAT
Name: RHSA-2002:242
Link: http://www.redhat.com/support/errata/RHSA-2002-242.html

Source: www.pdc.kth.se
Link: http://www.pdc.kth.se/heimdal/

Source: MANDRAKE
Name: MDKSA-2002:073
Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php

Source: XF
Name: kerberos-kadmind-bo(10430)
Link: http://www.iss.net/security_center/static/10430.php

Source: DEBIAN
Name: DSA-185
Link: http://www.debian.org/security/2002/dsa-185

Source: DEBIAN
Name: DSA-183
Link: http://www.debian.org/security/2002/dsa-183

Source: web.mit.edu
Link: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt

Source: web.mit.edu
Link: http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt

Source: BUGTRAQ
Name: 20021027 Re: Buffer overflow in kadmind4
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=103582805330339&w=2

Source: BUGTRAQ
Name: 20021028 GLSA: krb5
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=103582517126392&w=2

Source: BUGTRAQ
Name: 20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=103564944215101&w=2

Source: CONECTIVA
Name: CLA-2002:534
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534

Source: BUGTRAQ
Name: 20021027 KRB5-SORCERER2002-10-27 Security Update
Link: http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html

Source: NETBSD
Name: NetBSD-SA2002-026
Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc
