CVE-2004-0371
CVSS 5.0
Published: 2004-05-04 00:00:00
Last revised: 2008-09-10 15:25:59

[Original] Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.


[CNNVD] Heimdal Kerberos cross-realm trust impersonation vulnerability (CNNVD-200405-021)

        
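        Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers.
        Heimdal Kerberos has a flaw in how it validates legitimate cross-realm requests. A remote attacker can exploit this vulnerability to spoof cross-realm trust, impersonate other users, gain unauthorized access, and so on.
        To check whether you use cross-realm trust, list all krbtgt principals in the database:
        kadmin> get -t krbtgt/*
         krbtgt/@
         krbtgt/@
         krbtgt/@
        If you have any, you can temporarily disable them:
        kadmin> mod krbtgt/@
        Max ticket life [unlimited]:
        Max renewable life [unlimited]:
        Principal expiration time [never]:
        Password expiration time [never]:
        Attributes []:+disallow-all-tix
        No detailed vulnerability information is currently available.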
        

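- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]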

- CPE (affected platforms and products)

cpe:/a:kth:heimdal:0.4b
cpe:/a:kth:heimdal:0.5.2
cpe:/a:kth:heimdal:0.4c
cpe:/a:kth:heimdal:0.4a
cpe:/a:kth:heimdal:0.4d
cpe:/a:kth:heimdal:0.6.0
cpe:/a:kth:heimdal:0.5.1
cpe:/a:kth:heimdal:0.5
cpe:/a:kth:heimdal:0.4e

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0371
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0371
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200405-021
(official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/15701
(VENDOR_ADVISORY)  XF  heimdal-cross-realm-spoofing(15701)
http://www.debian.org/security/2004/dsa-476
(VENDOR_ADVISORY)  DEBIAN  DSA-476
http://www.pdc.kth.se/heimdal/advisory/2004-04-01/
(UNKNOWN)  CONFIRM  http://www.pdc.kth.se/heimdal/advisory/2004-04-01/
http://security.gentoo.org/glsa/glsa-200404-09.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200404-09
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/009_kerberos.patch
(UNKNOWN)  OPENBSD  20040530 009: SECURITY FIX: May 30, 2004
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:08.heimdal.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-04:08

- Vulnerability information

Heimdal Kerberos cross-realm trust impersonation vulnerability
Medium severity  Input validation
2004-05-04 00:00:00 2005-10-20 00:00:00
Local
        
        

- Advisories and patches

        Vendor patch:
        KTH
        ---
        The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:
        KTH Upgrade heimdal-0.6.1.tar.gz
        ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.1.tar.gz
        KTH Upgrade heimdal-0.5.3.tar.gz
        ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.5.3.tar.gz

- Vulnerability information (F33018)

heimdal.html (PacketStormID:F33018)
2004-04-06 00:00:00
 
advisory
CVE-2004-0371

Heimdal releases prior to 0.6.1 and 0.5.3 have a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.

- Vulnerability information

4839
Heimdal Cross-Realm Trust Spoofing
Remote / Network Access Authentication Management, Misconfiguration
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability description

Heimdal fails to properly check cross-realm requests. This vulnerability allows an attacker with control over a realm to impersonate/spoof anyone in the cross-realm trust path.

- Timeline

2004-04-02 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.6.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Disable the Trust between realms.

- Related references

- Credit

- Vulnerability information

Heimdal Kerberos Cross-Realm Trust Impersonation Vulnerability
Input Validation Error 10035
No Yes
2004-04-02 12:00:00 2009-07-12 04:06:00
This issue was disclosed by the vendor.

- Affected software versions

OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.4
KTH Heimdal 0.6.1
KTH Heimdal 0.6 .0
KTH Heimdal 0.5.3
KTH Heimdal 0.5.2
KTH Heimdal 0.5.1
+ FreeBSD FreeBSD 5.0
KTH Heimdal 0.5
- Gentoo Linux 1.4 _rc1
- Gentoo Linux 1.2
KTH Heimdal 0.4 e
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
- FreeBSD FreeBSD 4.0
+ S.u.S.E. Linux 8.0
KTH Heimdal 0.4 d
+ S.u.S.E. Linux 7.3
KTH Heimdal 0.4 c
KTH Heimdal 0.4 b
KTH Heimdal 0.4 a
Heimdal Heimdal 0.6.1
Heimdal Heimdal 0.6
Heimdal Heimdal 0.5.2
Heimdal Heimdal 0.5.1
Heimdal Heimdal 0.5 .0
Heimdal Heimdal 0.4 e
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Heimdal Heimdal 0.4 d
Heimdal Heimdal 0.4 c
Heimdal Heimdal 0.4 b
Heimdal Heimdal 0.4 a
KTH Heimdal 0.6.1
KTH Heimdal 0.5.3
Heimdal Heimdal 0.6.1
Heimdal Heimdal 0.5.3

- Unaffected software versions

KTH Heimdal 0.6.1
KTH Heimdal 0.5.3
Heimdal Heimdal 0.6.1
Heimdal Heimdal 0.5.3

- Vulnerability discussion

It has been reported that Heimdal is prone to a cross-realm trust impersonation vulnerability. This issue is due to a failure of the implementation to properly validate cross-realm requests.

An attacker may leverage this issue to mask their identity, potentially conducting attacks or other nefarious activity while feigning to be someone else.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released an upgrade dealing with this issue.

Debian Linux has released advisory DSA 476-1 and fixes dealing with this issue. Please see the attached advisory for more information and details on obtaining fixes.

Gentoo has released updates for this issue that may be applied with the following commands:
# emerge sync
# emerge -pv ">=app-crypt/heimdal-0.6.1"
# emerge ">=app-crypt/heimdal-0.6.1"

FreeBSD has released advisory FreeBSD-SA-04:08 dealing with this issue. Please see the referenced advisory for more information and details on obtaining updates.

OpenBSD has released fixes to address this issue.


OpenBSD OpenBSD 3.5

OpenBSD OpenBSD 3.4

KTH Heimdal 0.4 e
