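Vulnerability Details
Kerberos 5 KAdminD Remote Stack Overflow Vulnerability
Vulnerability Summary
Kerberos is a network authentication protocol developed by the Massachusetts Institute of Technology (MIT). It uses a client/server architecture in which the client and the server can each authenticate the other (mutual authentication), and it protects against eavesdropping and replay attacks. MIT Kerberos 5 (also known as krb5) is this MIT-developed suite.
The Kerberos 5 KAdminD service contains a buffer overflow in its handling of malformed log strings. A remote attacker may be able to exploit this vulnerability to take control of the server.
The krb5_klog_syslog() function in Kerberos 5 uses vsprintf() to format text into a fixed-length stack buffer. Format specifiers such as "%s" in calls to this function can cause an overly long string to be formatted, overwriting memory past the end of the stack buffer.
The KDC truncates most of the strings sent to clients before logging them, but it does not truncate the transited-realms string. A malicious KDC that shares a key with the target realm can issue credentials containing a specially crafted transited-realms string to trigger the stack overflow, resulting in denial of service or arbitrary code execution. Other server applications that call krb5_klog_syslog() may also be affected.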
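The pattern described above, as an added example (not MIT's krb5 source): a logger that formats into a fixed-length stack buffer with `vsprintf()`, next to a bounded `vsnprintf()` version that detects truncation. The names `log_unsafe`, `log_safe`, `demo` and the 256-byte `LOG_BUF_SIZE` are assumptions, and the oversized transited-realms value is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 256 /* assumed size; the page only says "fixed-length" */

/* Vulnerable pattern: vsprintf() has no length limit, so a long "%s" argument
 * writes past the end of outbuf. Shown for comparison only; never called here. */
int log_unsafe(char *sink, size_t sink_len, const char *fmt, ...)
{
    char outbuf[LOG_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(outbuf, fmt, ap); /* unbounded write into the stack buffer */
    va_end(ap);
    snprintf(sink, sink_len, "%s", outbuf); /* stand-in for the syslog call */
    return n;
}

/* Hardened form: vsnprintf() bounds the write and returns the length the full
 * message would have needed, so the caller can tell that it was truncated. */
int log_safe(char *sink, size_t sink_len, int *truncated, const char *fmt, ...)
{
    char outbuf[LOG_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(outbuf, sizeof outbuf, fmt, ap);
    va_end(ap);
    if (needed < 0) return -1; /* formatting error */
    *truncated = (size_t)needed >= sizeof outbuf;
    snprintf(sink, sink_len, "%s", outbuf); /* stand-in for the syslog call */
    return needed;
}

/* Constructed input: an oversized transited-realms value reaching the logger. */
int demo(char *sink, size_t sink_len, int *truncated)
{
    char transited[1024];
    memset(transited, 'A', sizeof transited - 1);
    transited[sizeof transited - 1] = '\0';
    return log_safe(sink, sink_len, truncated, "TGS_REQ: transited=%s", transited);
}

int main(void)
{
    char sink[LOG_BUF_SIZE]; int truncated = 0;
    int needed = demo(sink, sizeof sink, &truncated);
    printf("needed=%d kept=%zu truncated=%d\n", needed, strlen(sink), truncated);
    return 0;
}
```

The `needed` value is how many bytes `log_unsafe` would have written for the same input, which is the amount by which the fixed buffer is exceeded.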
Vulnerability Advisory
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1276-1) and corresponding patches for this issue:
DSA-1276-1:New krb5 packages fix several vulnerabilities
Link:
http://www.debian.org/security/2007/dsa-1276
Patch downloads:
Source archives:
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge4.dsc
Size/MD5 checksum: 782 a4a9a2cff9292af1de210f83edcee281
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge4.diff.gz
Size/MD5 checksum: 666048 006edbace85ee6fab561c8f5ba59914d
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz
Size/MD5 checksum: 6526510 7974d0fc413802712998d5fc5eec2919
Architecture independent components:
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge4_all.deb
Size/MD5 checksum: 718724 9bd56e8f5a673661416a042cc315509b
Alpha architecture:
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 114882 0b1d6a3f226b48f3065f8e065049a02a
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 247602 b36d6e32ae319ed6953327d0de0e091c
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 62892 a96ce75c69cc4423f0922a49ce97b7ef
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 137006 6285c054dbb18b511153aeab6d5bb399
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 89654 491c88a0bea723021f0f1eda84450208
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 72142 3cad8d2db4270a422c0ba0ccfd6a9151
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 144782 dea1c0c916c80b59174b4cfd18f1eb5e
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 201754 42d6fcb995989672cfde30a467f9486e
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_alpha.deb
Size/MD5 checksum: 860980 3dabb660978f0d3cfc2c121acf8a48de
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_alpha.de
References
Source: SECUNIA
Link: http://secunia.com/advisories/24736
Source: MANDRIVA
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:077
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2007-0095.html
Source: SECUNIA
Link: http://secunia.com/advisories/24735
Source: SECUNIA
Link: http://secunia.com/advisories/24757
Source: SUNALERT
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102930-1
Source: BID
Link: https://www.securityfocus.com/bid/23285
Source: SECUNIA
Link: http://secunia.com/advisories/24798
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1250
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1470
Source: CERT
Link: http://www.us-cert.gov/cas/techalerts/TA07-093B.html
Source: SECUNIA
Link: http://secunia.com/advisories/24817
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/464666/100/0/threaded
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10757
Source: GENTOO
Link: http://security.gentoo.org/glsa/glsa-200704-02.xml
Source: CERT
Link: http://www.us-cert.gov/cas/techalerts/TA07-109A.html
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1218
Source: SECUNIA
Link: http://secunia.com/advisories/24966
Source: SECUNIA
Link: http://secunia.com/advisories/24785
Source: UBUNTU
Link: http://www.ubuntu.com/usn/usn-449-1
Source: SECUNIA
Link: http://secunia.com/advisories/24740
Source: SECUNIA
Link: http://secunia.com/advisories/24786
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/464814/30/7170/threaded
Source: SECTRACK
Link: http://www.securitytracker.com/id?1017849
Source: CONFIRM
Link: http://docs.info.apple.com/article.html?artnum=305391
Source: DEBIAN
Link: https://www.debian.org/security/2007/dsa-1276
Source: SECUNIA
Link: http://secunia.com/advisories/24706
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/1983
Source: APPLE
Link: http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
Source: XF
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/33411
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/464592/100/0/threaded
Source: CERT-VN
Link: http://www.kb.cert.org/vuls/id/704024
Source: SUSE
Link: http://lists.suse.com/archive/suse-security-announce/2007-Apr/0001.html
Source: SECUNIA
Link: http://secunia.com/advisories/24750
Source: CONFIRM
Link: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt
Source: SECUNIA
Link: http://secunia.com/advisories/25464
Affected Entities
- Mit Kerberos:5-1.6
Patch
None available