Title: Vulnerability in Kerberos 4 Key Server
Released by: CERT
Date: 21st February 1996
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
CERT(*) Advisory CA-96.03
Original issue date: February 21, 1996
Last revised: September 24, 1997
              Updated copyright statement

              A complete revision history is at the end of this advisory.

Topic: Vulnerability in Kerberos 4 Key Server
- -----------------------------------------------------------------------------

The CERT Coordination Center has received reports of a vulnerability in the
Kerberos Version 4 server. On unpatched Kerberos 4 systems, under certain
circumstances, intruders can masquerade as authorized Kerberos users and gain
access to services and resources not intended for their use. The CERT team
recommends that you apply one of the solutions given in Section III.

The Kerberos Version 5 server running in Version 4 compatibility mode is also
vulnerable under certain circumstances. The Massachusetts Institute of
Technology (MIT) is working on the patches for that version.

We will update this advisory as we receive additional information.
Please check advisory files regularly for updates that relate to your site.

- -----------------------------------------------------------------------------

I.   Description

     The Kerberos Version 4 server is using a weak random number generator
     to produce session keys. On a computer of average speed, the session key
     for a ticket can be broken in a maximum of 2-4 minutes, and sometimes in
     much less time. This means that usable session keys can be manufactured
     without a user first being authorized by Kerberos.


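The weakness in Section I is a key generator whose output is fixed by a seed an observer can narrow down. The Python below is an added illustration, not code from the advisory or from MIT's Kerberos 4 distribution: it stands in a constructed clock-and-PID seed and Python's non-cryptographic PRNG for the weak generator, sets a CSPRNG beside it, and gives a uniqueness check an operator could run against any key generator. The seed construction, the 16-bit PID range and all function names are assumptions; the 8-byte key size and 56-bit strength are those of the DES keys Kerberos 4 uses.

```python
"""Added example (not part of CA-96.03 or MIT's Kerberos code): why a session
key drawn from a PRNG seeded with a low-entropy value is reproducible, and a
uniqueness check a KDC operator could run against a key generator.

Assumptions (constructed for illustration): an 8-byte DES-sized session key,
a seed built from the whole-second clock and a 16-bit process id, and a
non-cryptographic PRNG standing in for the weak generator the advisory
describes. None of this is the actual Kerberos 4 code."""
import math
import random
import secrets
from typing import Callable

KEY_BYTES = 8          # Kerberos 4 session keys are DES keys: 8 bytes
KEY_STRENGTH_BITS = 56  # effective DES key size, the bar a generator should meet


def seed_from_clock(unix_seconds: int, pid: int) -> int:
    """Constructed low-entropy seed: issue time in whole seconds plus a PID."""
    return (unix_seconds << 16) | (pid & 0xFFFF)


def weak_session_key(seed: int) -> bytes:
    """Deterministic PRNG output: the same seed always yields the same key."""
    rng = random.Random(seed)  # Mersenne Twister, not a CSPRNG
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_session_key() -> bytes:
    """Key drawn from the OS CSPRNG; there is no seed an observer can narrow."""
    return secrets.token_bytes(KEY_BYTES)


def seed_entropy_bits(time_window_seconds: int, pid_values: int) -> float:
    """Bits an observer must search when the issue time is known to within a
    window and the PID to within a range. Compare with KEY_STRENGTH_BITS."""
    return math.log2(time_window_seconds * pid_values)


def seed_space_is_adequate(time_window_seconds: int, pid_values: int) -> bool:
    """True only if the seed carries at least as much entropy as the key."""
    return seed_entropy_bits(time_window_seconds, pid_values) >= KEY_STRENGTH_BITS


def distinct_keys(generate: Callable[[], bytes], count: int) -> int:
    """Uniqueness check: how many distinct keys does a generator produce in a
    burst? A sound generator yields `count` distinct keys; a clock-seeded one
    repeats within a second."""
    return len({generate() for _ in range(count)})


def burst_within_one_second(unix_seconds: int, pid: int, count: int) -> int:
    """Simulate `count` ticket requests served in the same second by one KDC
    process: every request sees the same seed, hence the same key."""
    return distinct_keys(
        lambda: weak_session_key(seed_from_clock(unix_seconds, pid)), count)


if __name__ == "__main__":
    print("distinct weak keys in one second:", burst_within_one_second(825_000_000, 1234, 50))
    print("distinct CSPRNG keys in one burst:", distinct_keys(strong_session_key, 50))
    print("seed entropy, 1-hour window, 16-bit PID: %.1f bits"
          % seed_entropy_bits(3600, 1 << 16))
    print("adequate:", seed_space_is_adequate(3600, 1 << 16))
```

The check reports how many distinct keys a generator produces in a burst and whether the seed space reaches the key's own strength; a generator that repeats within a second, or whose seed entropy sits far below 56 bits, is not fit to issue session keys, which is the condition the patch in Section III corrects.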
II.  Impact

     Under certain circumstances, intruders can masquerade as authorized
     Kerberos users and gain access to services and resources not intended for
     their use.

III. Solution

     If you are running Kerberos Version 4 and have built Kerberos from a
     source distribution, use solution A. If you have obtained Kerberos 4
     binaries from a vendor, use solution B. If you are now using Kerberos
     Version 5, be aware that MIT is working on patches for that version.
     Notice will be made when the patches are available.

     A. Solution for Source Distributions

        If you have built Kerberos Version 4 from source, follow these
        instructions to retrieve the fixes necessary to correct this problem:

            Use anonymous FTP to athena-dist.mit.edu. Change directory to
            /pub/kerberos, fetch and read "README.KRB4" found in that
            directory. It will provide the name of the distribution directory
            (which is otherwise hidden and cannot be found by listing its
            parent directory). Change directory to the hidden distribution
            directory. There you will find the original Kerberos distribution
            plus a new file named "random_patch.tar.Z" (and random_patch.tar.gz
            for those with "gzip"). This tar file contains two files, the patch
            itself and a README.PATCH file. Read this file carefully before
            proceeding.

        As of February 23, 1996, MIT has updated the patch described in
        advisory CA-96.03. The actual patch has not changed, but the
        README.PATCH file (part of random_patch.tar.*), which contains
        instructions on how to install the patch, has been edited to include
        the following new paragraph:

        >IMPORTANT: After running fix_kdb_keys you must kill and restart the
        >kerberos server process (it has the old keys cached in memory). Also,
        >if you operate any Kerberos slave servers, you need to perform a slave
        >propagation immediately to update the keys on the slaves.

        Updated files are now available on "athena-dist.mit.edu",
        including an updated random_patch.md5 file which contains the MD5
        checksums of random_patch.tar.*. The PGP signature is issued by
        Jeffrey I. Schiller using PGP keyid 0x0DBF906D. The
        fingerprint is

                DD DC 88 AA 92 DC DD D5  BA 0A 6B 59 C1 65 AD 01

        The updated files are also available from

               http://info.cert.org/pub/vendors/mit/Patches/Kerberos-V4/

        The new checksums are

               MD5 (random_patch.md5) = ecf5412094572e183aa33ae4e5f197b8
               MD5 (random_patch.tar.Z) = e925b687a05a8c6321b2805026253315
               MD5 (random_patch.tar.gz) = 003226914427094a642fd1f067f589d2

        These files are also available from

    http://info.cert.org/pub/vendors/mit/Patches/Kerberos-V4/random_patch.md5
    http://info.cert.org/pub/vendors/mit/Patches/Kerberos-V4/random_patch.tar.Z
    http://info.cert.org/pub/vendors/mit/Patches/Kerberos-V4/random_patch.tar.gz

        The checksums are the same as above.


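Section III.A publishes its checksums in the BSD `MD5 (file) = digest` format. The Python below is added here and is not part of the advisory or of MIT's patch kit: it parses those lines and verifies a download directory against them, reporting files that are missing as well as files that mismatch, so a partial download is not mistaken for a verified one. The checksum lines are copied from the advisory; the files the demo verifies are constructed in a temporary directory, so the digests the demo computes are its own, not the advisory's.

```python
"""Added example, not part of CA-96.03 or MIT's random_patch kit: parse the
BSD-style checksum lines the advisory prints and verify downloaded files
against them. File names match the advisory; the files themselves are
constructed in a temp dir so the example runs offline."""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict

# Checksum lines exactly as printed in Section III.A of the advisory.
PUBLISHED_CHECKSUMS = """\
MD5 (random_patch.md5) = ecf5412094572e183aa33ae4e5f197b8
MD5 (random_patch.tar.Z) = e925b687a05a8c6321b2805026253315
MD5 (random_patch.tar.gz) = 003226914427094a642fd1f067f589d2
"""

CHECKSUM_LINE = re.compile(
    r"^MD5 \((?P<name>[^)]+)\) = (?P<digest>[0-9a-fA-F]{32})\s*$")


def parse_checksums(text: str) -> Dict[str, str]:
    """Map file name -> expected MD5 hex digest (lower case).
    Blank lines are skipped; any other line that is not a well-formed
    checksum line raises, so a truncated or edited list is not half-used."""
    expected: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHECKSUM_LINE.match(line)
        if m is None:
            raise ValueError(f"not a checksum line: {line!r}")
        expected[m["name"]] = m["digest"].lower()
    return expected


def md5_of(path: Path) -> str:
    """Stream the file through MD5 so large archives need not fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(directory: Path, expected: Dict[str, str]) -> Dict[str, str]:
    """Return a status per expected file: 'ok', 'mismatch' or 'missing'.
    Every name in the checksum list is reported, so a file that was never
    fetched is not silently skipped."""
    status: Dict[str, str] = {}
    for name, digest in expected.items():
        path = directory / name
        if not path.is_file():
            status[name] = "missing"
        elif md5_of(path) == digest:
            status[name] = "ok"
        else:
            status[name] = "mismatch"
    return status


def demo() -> Dict[str, str]:
    """Constructed scenario: one intact file, one altered after its digest was
    recorded, one never fetched. The digests are computed here from constructed
    bytes; the advisory's real values apply only to MIT's real files."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        good = d / "random_patch.tar.gz"
        good.write_bytes(b"constructed patch archive bytes\n")
        bad = d / "random_patch.tar.Z"
        bad.write_bytes(b"constructed patch archive bytes\n")
        expected = {
            "random_patch.tar.gz": md5_of(good),
            "random_patch.tar.Z": md5_of(bad),
            # digest copied from the advisory; the file is deliberately absent
            "random_patch.md5": "ecf5412094572e183aa33ae4e5f197b8",
        }
        bad.write_bytes(b"constructed patch archive bytes, altered\n")
        return verify_downloads(d, expected)


if __name__ == "__main__":
    for name, digest in parse_checksums(PUBLISHED_CHECKSUMS).items():
        print(f"{name}: expect {digest}")
    print(demo())
```

A matching MD5 shows the download equals what MIT published, but only the PGP signature (keyid 0x0DBF906D, fingerprint above) ties random_patch.md5 to MIT, so check the signature on the checksum file before trusting its digests. MD5 is no longer collision-resistant; for current distributions a SHA-2 digest plus a signature is the norm.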
     B. Solution for Binary Distributions

        Contact your vendor.
        Some vendors who provide Kerberos are sending the CERT Coordination
        Center information about their patches. Thus far, we have received
        information from one vendor and placed it in the appendix of this
        advisory. We will update the appendix as we hear from vendors.

.........................................................................

Appendix A: Vendor Information

Below is information we have received from vendors concerning the
vulnerability described in this advisory. If you do not see your vendor's
name, please contact the vendor directly for information.

The Santa Cruz Operation, Inc.
- ------------------------------
The Kerberos 4 problem does not affect SCO.

SCO OpenServer, SCO Open Desktop, SCO UnixWare, SCO Unix, and SCO Xenix
do not support Kerberos.

The SCO Security Server, an add-on product for SCO OpenServer 3 and SCO
OpenServer 5, supports Kerberos V5 authentication. This product cannot be
configured to be Kerberos V4 compatible; therefore, it is not vulnerable.

TGV Software, Inc.
- ------------------
TGV has made two Kerberos ECO kits available (one for MultiNet V3.4
and one for V3.5) for Anonymous FTP.  If you are running Kerberos, we
_strongly_ urge you to apply this kit.

To obtain the kit, FTP to ECO.TGV.COM, username ANONYMOUS, password
either KERBEROS-034 or KERBEROS-035 (depending on the version of
MultiNet that you are running) and download the ECO kit:

        http://anonymous:kerberos-035@eco.tgv.com

The kit is available in both VMS BACKUP save set format as well as in
a compressed .ZIP file.  Use VMSINSTAL to apply the ECO.

Once you have completed the upgrade, the KITREMARK.VUR file from
the ECO kit will be displayed providing instructions during the
installation process.

If you have any questions, please send an e-mail message to

                MultiNet-VMS@Support.TGV.COM

Transarc Corporation
- --------------------

Kerberos Version 4.0 is used in our AFS product (all versions
of AFS), while Kerberos Version 5.0 is used in our DCE product
(Kerberos Version 5.0 is used in ALL DCE products).

In light of the COAST work, Transarc is doing a security review of
Kerberos 4.0 and AFS.  We expect to provide some procedural changes to
improve security in new cells, and we will make code changes as
necessary.  OSF also reviewed Kerberos 5.0, and they have released a
source patch for Kerberos 5.0 that strengthens the random number
generator in Kerberos 5.0. This patch is relevant to all versions of
DCE (but not to AFS since it is based on Kerberos 4.0).

Transarc has this OSF patch available for DCE 1.1 on Solaris 2.4, DCE
1.0.3a on Solaris 2.4, DCE 1.0.3a on Solaris 2.3, and DCE 1.0.3a on
Sun OS 4.1.3.  Please contact Transarc Customer Support for access to
these patches.

Please feel free to contact me directly if you have further questions
about this issue.

For pointers and background on these issues please refer to

http://www.transarc.com/afs/transarc.com/public/www/Public/Support/security-\
update.html

Liz Hines
Hines@transarc.com

- ---------------------------------------------------------------------------
The CERT Coordination Center thanks Jeffrey Schiller and Theodore Ts'o of
Massachusetts Institute of Technology for their effort in responding to this
problem, and thanks Gene Spafford of COAST for the initial information about
the problem.
- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident
Response and Security Teams (FIRST).

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact the
CERT staff for more information.

Location of CERT PGP key
         http://info.cert.org/pub/CERT_PGP.key

CERT Contact Information
- ------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        USA

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
        cert-advisory-request@cert.org

CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
        http://info.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
        comp.security.announce

- ------------------------------------------------------------------------------

Copyright 1996 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision history

Sep. 24, 1997  Updated copyright statement
Aug. 30, 1996  Information previously in the README was inserted into the
               advisory.
Mar. 08, 1996  Appendix, TGV Software & Transarc - added entries
Feb. 23, 1996  Sec. III.A - noted a change in the readme.patch file and put
               new MD5 checksums at the end of the section.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBOBTBAlr9kb5qlZHQEQK+RACffvRv7b3Ijcy2VpjTslDTfnyIj3kAoLTF
Omt4590e5xlfGWiHYIrU4lKC
=LXR5
-----END PGP SIGNATURE-----