CVE-2003-0138
CVSS 7.5
Published: 2003-03-24 00:00:00
Revised: 2016-10-17 22:29:59

[Original] Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.


[CNNVD] Multiple design and implementation vulnerabilities in the Kerberos 4 protocol (CNNVD-200303-066)

        
        Kerberos is a widely deployed network protocol that uses strong cryptography to authenticate clients and servers.
        The cryptography in the Kerberos 4 protocol has multiple design errors; a remote attacker who exploits them can take control of the entire Kerberos authentication infrastructure.
        Kerberos 4 protocol implementations contain multiple cryptographic weaknesses that let an attacker impersonate any user in a Kerberos realm and thereby obtain any privilege the realm grants. In addition, krb4 implementations have a further weakness: if triple-DES keys are used to key krb4 services, a cut-and-paste attack can forge krb4 tickets and subvert the entire Kerberos authentication infrastructure.
        Kerberos 4 tickets carry no cryptographic hash of the encrypted data, no random padding and no random initialization vector, so an attacker who can get suitably chosen plaintext encrypted under a Kerberos service key can forge a ticket. Normally an attacker does not control the plaintext of a ticket, which makes this weakness harder to exploit; cross-realm authentication is the mechanism through which an attacker can gain that control, which is why the workaround in the advisory section is to disable cross-realm authentication.
        

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:248 Kerberos krb4 Plaintext Attack Vulnerability
*OVAL describes in detail how to detect this vulnerability; see the related OVAL definition for more technical detail.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0138
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0138
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200303-066
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=104791775804776&w=2
(UNKNOWN)  BUGTRAQ  20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
(VENDOR_ADVISORY)  CONFIRM  http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
http://www.debian.org/security/2003/dsa-266
(VENDOR_ADVISORY)  DEBIAN  DSA-266
http://www.debian.org/security/2003/dsa-269
(UNKNOWN)  DEBIAN  DSA-269
http://www.debian.org/security/2003/dsa-273
(UNKNOWN)  DEBIAN  DSA-273
http://www.kb.cert.org/vuls/id/623217
(VENDOR_ADVISORY)  CERT-VN  VU#623217
http://www.redhat.com/support/errata/RHSA-2003-051.html
(UNKNOWN)  REDHAT  RHSA-2003:051
http://www.redhat.com/support/errata/RHSA-2003-052.html
(UNKNOWN)  REDHAT  RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-091.html
(UNKNOWN)  REDHAT  RHSA-2003:091
http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
(UNKNOWN)  BUGTRAQ  20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://www.securityfocus.com/bid/7113
(UNKNOWN)  BID  7113

- Vulnerability information

Multiple design and implementation vulnerabilities in the Kerberos 4 protocol
High  Design error
2003-03-24 00:00:00 2005-10-20 00:00:00
Remote  
        

- Advisories and patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * In krb5-1.2.6 and later, set the DISALLOW_ALL_TIX or DISALLOW_SVR attribute on all cross-realm principals. This disables cross-realm authentication.
        * Stop using triple-DES keys for Kerberos 4 services.
        Vendor patches:
        MIT
        ---
        The vendor has released a patch for this security issue; download it from the vendor's site:
        
        http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz
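The two workarounds above, written out as a POSIX shell script against an MIT KDC. This is an added example, not code from CNNVD, MIT or the advisory: it assumes MIT `kadmin.local` with its `listprincs`, `getprinc` and `modify_principal` commands (`-allow_svr` sets DISALLOW_SVR, `-allow_tix` sets DISALLOW_ALL_TIX); Heimdal's kadmin uses a different syntax and is not covered. The principal list and `getprinc` output embedded below are constructed samples, not real KDC data, and with DRY_RUN set the script prints the kadmin commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the advisory): find cross-realm principals and
# triple-DES-keyed principals on an MIT KDC and emit the kadmin commands for
# the two workarounds. Assumes MIT kadmin.local. Nothing is changed unless
# DRY_RUN is unset.

# Constructed sample of `kadmin.local -q listprincs` output (not real data).
SAMPLE_PRINCS='K/M@EXAMPLE.COM
kadmin/admin@EXAMPLE.COM
krbtgt/EXAMPLE.COM@EXAMPLE.COM
krbtgt/PARTNER.ORG@EXAMPLE.COM
krbtgt/EXAMPLE.COM@PARTNER.ORG
host/kdc.example.com@EXAMPLE.COM'

# Constructed sample of `kadmin.local -q "getprinc <name>"` output for two
# principals, concatenated (not real data).
SAMPLE_GETPRINC='Principal: host/kdc.example.com@EXAMPLE.COM
Number of keys: 2
Key: vno 3, des3-cbc-sha1, no salt
Key: vno 3, des-cbc-crc, no salt
Principal: afs/example.com@EXAMPLE.COM
Number of keys: 1
Key: vno 2, des-cbc-crc, no salt'

# Workaround 1 helper: cross-realm principals have the form
# krbtgt/<instance>@<realm> with instance != realm. Reads principal names
# from stdin, one per line, and prints the matching ones.
cross_realm_principals() {
    awk -F'[/@]' '$1 == "krbtgt" && NF == 3 && $2 != $3'
}

# Workaround 2 helper: principals that still carry a triple-DES key. Reads
# getprinc output from stdin and prints each such principal once.
des3_keyed_principals() {
    awk '/^Principal: / { p = $2; seen = 0 }
         /^Key: / && /des3-/ && !seen { print p; seen = 1 }'
}

# Run a kadmin.local query, or only print it when DRY_RUN is set.
kadmin_cmd() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'kadmin.local -q "%s"\n' "$1"
    else
        kadmin.local -q "$1"
    fi
}

# Set DISALLOW_SVR on every cross-realm principal read from stdin, so the
# KDC stops issuing cross-realm service tickets (krb4 and krb5 alike).
disable_cross_realm() {
    cross_realm_principals | while IFS= read -r princ; do
        kadmin_cmd "modify_principal -allow_svr $princ"
    done
}

# Demo on the constructed samples: ./krb4-workaround.sh --demo
if [ "${1:-}" = "--demo" ]; then
    DRY_RUN=1
    echo "cross-realm principals to lock:"
    printf '%s\n' "$SAMPLE_PRINCS" | disable_cross_realm
    echo "principals still keyed with triple-DES (re-key without des3):"
    printf '%s\n' "$SAMPLE_GETPRINC" | des3_keyed_principals
fi
```

Against a live KDC, feed real output instead of the samples: `kadmin.local -q listprincs | disable_cross_realm` for the first workaround, and `kadmin.local -q listprincs | while read -r p; do kadmin.local -q "getprinc $p"; done | des3_keyed_principals` to list the principals whose keys must be regenerated without a des3 enctype. Review the dry-run output first; locking a krbtgt/REMOTE@LOCAL entry breaks every cross-realm login from that realm, which is the intended effect of the workaround.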

- Vulnerability information

4869
MIT Kerberos 4 Chosen-plaintext Attack Realm Principal Impersonation
Cryptographic, Information Disclosure
Loss of Confidentiality

- Vulnerability description

- Timeline

2003-03-17 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Multiple Cryptographic Weaknesses in Kerberos 4 Protocol
Class: Design Error    Bugtraq ID: 7113
Remote: Yes    Local: No
Published: 2003-03-17 12:00:00    Updated: 2009-07-11 09:06:00
Discovery credited to Sam Hartman, Tom Yu, and Ken Raeburn.

- Affected program versions

MIT Kerberos 4 Protocol
+ KTH Kerberos 4 1.1.1
+ KTH Kerberos 4 1.0.4
+ KTH Kerberos 4 1.0.3-1.0
+ KTH Kerberos 4 1.0.3-1
+ KTH Kerberos 4 1.0.3
+ KTH Kerberos 4 1.0.2
+ KTH Kerberos 4 1.0.1-1
+ KTH Kerberos 4 1.0.1
+ KTH Kerberos 4 1.0.x
+ KTH Kerberos 4 1.0-1.0.1
+ KTH Kerberos 4 1.0
+ KTH Kerberos 4 0.10.1
+ KTH Kerberos 4 0.10
+ KTH Kerberos 4 0.9.9
+ KTH Kerberos 4 0.9.8
+ KTH Kerberos 4 0.9.7
+ KTH Kerberos 4 0.9.6+patches
+ KTH Kerberos 4 0.9.6
+ KTH Kerberos 4 0.9.5
+ KTH Kerberos 4 0.9.3
+ KTH Kerberos 4 0.9.2a
+ KTH Kerberos 4 0.9.2
+ KTH Kerberos 4 0.9.1
+ KTH Kerberos 4 0.9
+ KTH Kerberos 4 0.8
+ KTH Kerberos 4 0.7
+ KTH Kerberos 4 0.6
+ KTH Kerberos 4 0.5
+ KTH Kerberos 4 0.1
+ KTH Kerberos 4 0.0
+ MIT Kerberos 4 4.0 patch 10
+ MIT Kerberos 4 4.0
+ MIT Kerberos 4 1.1
+ MIT Kerberos 4 1.0
+ MIT Kerberos 5 1.2.7
+ MIT Kerberos 5 1.2.6
+ MIT Kerberos 5 1.2.5
+ MIT Kerberos 5 1.2.4
+ MIT Kerberos 5 1.2.3
+ MIT Kerberos 5 1.2.2-beta1
+ MIT Kerberos 5 1.2.2
+ MIT Kerberos 5 1.2.1
+ MIT Kerberos 5 1.2
+ MIT Kerberos 5 1.1.1
+ MIT Kerberos 5 1.1
+ MIT Kerberos 5 1.0.8
+ MIT Kerberos 5 1.0.6
+ MIT Kerberos 5 1.0
+ OpenAFS OpenAFS 1.3.2
+ OpenAFS OpenAFS 1.3.1
+ OpenAFS OpenAFS 1.3
+ OpenAFS OpenAFS 1.2.8
+ OpenAFS OpenAFS 1.2.7
+ OpenAFS OpenAFS 1.2.6
+ OpenAFS OpenAFS 1.2.5
+ OpenAFS OpenAFS 1.2.4
+ OpenAFS OpenAFS 1.2.3
+ OpenAFS OpenAFS 1.2.2b
+ OpenAFS OpenAFS 1.2.2a
+ OpenAFS OpenAFS 1.2.2
+ OpenAFS OpenAFS 1.2.1
+ OpenAFS OpenAFS 1.2
+ OpenAFS OpenAFS 1.1.1a
+ OpenAFS OpenAFS 1.1.1
+ OpenAFS OpenAFS 1.1
+ OpenAFS OpenAFS 1.0.4a
+ OpenAFS OpenAFS 1.0.4
+ OpenAFS OpenAFS 1.0.3
+ OpenAFS OpenAFS 1.0.2
+ OpenAFS OpenAFS 1.0.1
+ OpenAFS OpenAFS 1.0
Heimdal Heimdal 0.5.1
Heimdal Heimdal 0.5.0
Heimdal Heimdal 0.4e
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Heimdal Heimdal 0.4d
Heimdal Heimdal 0.4c
Heimdal Heimdal 0.4b
Heimdal Heimdal 0.4a
Heimdal Heimdal 0.3f

- Unaffected program versions

OpenAFS OpenAFS 1.2.9
Heimdal Heimdal 0.6
Heimdal Heimdal 0.5.2

- Vulnerability discussion

Multiple cryptographic weaknesses have been reported in the Kerberos 4 protocol. These are design faults and affect every full implementation of the protocol. The most serious allows an adversary to impersonate any principal in a realm. This can result in a complete compromise of the Kerberos Key Distribution Center (KDC) and of any hosts that rely on it for authentication. Another weakness allows fabrication of Kerberos 4 tickets for unauthorized client principals if triple-DES keys are used to key Kerberos 4 services.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at vuldb@securityfocus.com.

- Solution

Debian has released fixes for Kerberos 4 and Heimdal packages (DSA 273-1, DSA 269-2). Links to the fixes can be found in the Debian advisories in the References section.

NetBSD has released an advisory (2003-006). NetBSD users are advised to upgrade systems via CVS or to disable all kerberos cross-realm functionality until an upgrade is complete. Further details are available in the referenced advisory.

OpenBSD has released patches which address this issue.

A patch for Kerberos 5 with the affected Kerberos 4 code included is available. This patch may be downloaded at http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz. This patch is not for the Kerberos 4 standalone code.

The OpenAFS Project has released a patch that resolves this issue. Additionally, this problem will be fixed in the forthcoming 1.2.9 release.

Gentoo Linux has released advisories 200303-26, 200303-28 and 200305-09, with fixes for OpenAFS (200303-26), Kerberos (200303-28) and Heimdal (200305-09). More information on upgrading vulnerable systems is available in the referenced advisories.

Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.



- Related references
