CVE-2004-0523
CVSS10.0
Published: 2004-08-18 00:00:00
Revised: 2016-10-17 22:45:54

[Original] Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.


[CNNVD] MIT Kerberos 5 KRB5_AName_To_Localname multiple principal name buffer overflow vulnerabilities (CNNVD-200408-146)

Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers.
Kerberos 5 lacks sufficient bounds checking of user-supplied data in krb5_aname_to_localname() and its helper functions. A remote attacker can exploit this to trigger a buffer overflow and possibly execute arbitrary instructions on the system with the privileges of the affected process.
The krb5_aname_to_localname() library function contains multiple buffer overflows that can lead to unauthorized root access. The problem exists only when krb5_aname_to_localname() is used with the explicit-mapping or rule-based mapping features; these configurations are non-default and uncommon.
If explicit mapping is enabled, the attacker must authenticate using a principal name listed in the explicit mapping list.
If rule-based mapping is used, the attacker must be able to authenticate with an arbitrary principal name created in the local Kerberos realm, or in a remote realm reachable from the local realm through cross-realm authentication.

- CVSS (base score)

CVSS score: 10 [Critical (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:sun:solaris:9.0::x86
cpe:/a:mit:kerberos:5-1.2.3  (MIT Kerberos 5 1.2.3)
cpe:/o:sun:solaris:8.0::x86
cpe:/a:mit:kerberos:5-1.2.4  (MIT Kerberos 5 1.2.4)
cpe:/a:mit:kerberos:5_1.0.6  (MIT Kerberos 5 1.0.6)
cpe:/a:mit:kerberos:5_1.3.3  (MIT Kerberos 5 5.0_1.3.3)
cpe:/a:mit:kerberos:5-1.2.1  (MIT Kerberos 5 1.2.1)
cpe:/a:mit:kerberos:5-1.2.2  (MIT Kerberos 5 1.2.2)
cpe:/a:tinysofa:tinysofa_enterprise_server:1.0
cpe:/a:mit:kerberos:5-1.2.7  (MIT Kerberos 5 1.2.7)
cpe:/a:mit:kerberos:1.0
cpe:/a:mit:kerberos:5-1.2.5  (MIT Kerberos 5 1.2.5)
cpe:/a:mit:kerberos:5-1.2.6  (MIT Kerberos 5 1.2.6)
cpe:/a:sun:seam:1.0  (Sun SEAM 1.0)
cpe:/a:sun:seam:1.0.1  (Sun SEAM 1.0.1)
cpe:/a:sun:seam:1.0.2  (Sun SEAM 1.0.2)
cpe:/a:mit:kerberos:1.0.8
cpe:/o:sun:solaris:8.0
cpe:/a:sgi:propack:2.4  (SGI ProPack 2.4)
cpe:/a:sgi:propack:3.0  (SGI ProPack 3.0)
cpe:/a:mit:kerberos:5_1.1.1  (MIT Kerberos 5 1.1.1)
cpe:/a:mit:kerberos:5_1.2:beta2  (MIT Kerberos 5 5.0_1.2 Beta2)
cpe:/a:mit:kerberos:5_1.1  (MIT Kerberos 5 1.1)
cpe:/a:mit:kerberos:5-1.3  (MIT Kerberos 5 1.3)
cpe:/a:mit:kerberos:5_1.2:beta1  (MIT Kerberos 5 5.0_1.2 Beta1)
cpe:/a:mit:kerberos:5_1.0  (MIT Kerberos 5 krb5_1.0)
cpe:/a:mit:kerberos:5-1.3:alpha1  (MIT Kerberos 5 1.3 alpha1)
cpe:/a:tinysofa:tinysofa_enterprise_server:1.0_u1
cpe:/o:sun:solaris:9.0::sparc
cpe:/a:mit:kerberos:1.2.2.beta1
cpe:/a:mit:kerberos:5-1.1  (MIT Kerberos 5 5.0_1.1)
cpe:/a:mit:kerberos:5-1.2  (MIT Kerberos 5 1.2)

- OVAL (technical details for detection)

oval:org.mitre.oval:def:991  Multiple BO Vulnerabilities in MIT Kerberos 5
oval:org.mitre.oval:def:724  MIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Name Buffer Overrun Vulnerabilities
oval:org.mitre.oval:def:2002  Multiple Buffer Overflows in Kerberos 5 (krb5_aname_to_localname)
oval:org.mitre.oval:def:10295  Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary...
*OVAL describes in detail how this vulnerability can be detected; the related OVAL definitions contain further technical details on detecting it.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0523
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0523
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-146
(Official data source) CNNVD

- Other links and resources

ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
(UNKNOWN)  SGI  20040604-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
(UNKNOWN)  SGI  20040605-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860
(UNKNOWN)  CONECTIVA  CLA-2004:860
http://lwn.net/Articles/88206/
(UNKNOWN)  FEDORA  FEDORA-2004-149
http://marc.info/?l=bugtraq&m=108612325909496&w=2
(UNKNOWN)  BUGTRAQ  20040601 MITKRB5-SA-2004-001: buffer overflows in krb5_aname_to_localname
http://marc.info/?l=bugtraq&m=108619161815320&w=2
(UNKNOWN)  BUGTRAQ  20040602 TSSA-2004-009 - kerberos5
http://marc.info/?l=bugtraq&m=108619250923790&w=2
(UNKNOWN)  TRUSTIX  2004-0032
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101512-1
(UNKNOWN)  SUNALERT  101512
http://www.debian.org/security/2004/dsa-520
(VENDOR_ADVISORY)  DEBIAN  DSA-520
http://www.gentoo.org/security/en/glsa/glsa-200406-21.xml
(UNKNOWN)  GENTOO  GLSA-200406-21
http://www.kb.cert.org/vuls/id/686862
(VENDOR_ADVISORY)  CERT-VN  VU#686862
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:056
(UNKNOWN)  MANDRAKE  MDKSA-2004:056
http://www.redhat.com/support/errata/RHSA-2004-236.html
(UNKNOWN)  REDHAT  RHSA-2004:236
http://www.securityfocus.com/bid/10448
(UNKNOWN)  BID  10448
http://xforce.iss.net/xforce/xfdb/16268
(UNKNOWN)  XF  Kerberos-krb5anametolocalname-bo(16268)

- Vulnerability information

MIT Kerberos 5 KRB5_AName_To_Localname multiple principal name buffer overflow vulnerabilities
Critical  Boundary condition error
2004-08-18 00:00:00  2006-09-05 00:00:00
Remote

- Advisories and patches

Vendor patch:
MIT
---
A patch has been released for krb5-1.3.3. Users can apply it to src/lib/krb5/os/an_to_ln.c and recompile the affected libraries and applications.
The patch is available at:

http://web.mit.edu/kerberos/advisories/2004-001-an_to_ln_patch.txt

PGP signature:

http://web.mit.edu/kerberos/advisories/2004-001-an_to_ln_patch.txt.asc

krb5-1.3.4 fixes this issue; users are advised to download and use it.

- Vulnerability information

6846
MIT Kerberos 5 krb5_aname_to_localname() Buffer Overflow
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability description

A remote overflow exists in Kerberos 5. Kerberos fails to check the string length in the functions aname_replacer(), do_replacement() and rule_an_to_ln() resulting in a heap buffer overflow. With a specially crafted request, an attacker can gain remote access as root resulting in a loss of confidentiality, integrity, and/or availability. This vulnerability only exists when the software is used with a non-standard configuration. Please see the MIT release notes for the details.

- Timeline

2004-06-01  2004-06-01
Unknown  Unknown

- Solution

Upgrade to Kerberos version 1.3.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch provided in the original MIT advisory.

- Related references

- Vulnerability author
