NetBSD Security Advisory 2002-026: Buffer overflow in kadmind daemon

by Nikola Strahija on October 23rd, 2002

Kadmind is the server for administrative access to the Kerberos database, and comes from the Heimdal Kerberos implementation used by NetBSD. In Heimdal releases earlier than 0.5.1, kadmind has a buffer overflow in the Kerberos version 4 compatibility code.


The kadmind daemon has never been enabled by default in NetBSD;
enabling it would require a change in /etc/inetd.conf.


Technical Details
=================

All versions prior to Heimdal 0.5.1 and 0.4enb1 are vulnerable. NetBSD
1.5, 1.6, and -current (prior to October 21, 2002) ship with a vulnerable
version.

The problem is a buffer overflow in the kerberos version 4 compatibility layer
of kadmind.

See also: http://www.pdc.kth.se/heimdal/


Solutions and Workarounds
=========================

For most users this is not a vital service and is likely not enabled.
The only user of kadmin should be the KDC in a Kerberos
realm. Since the security of the Kerberos server is very important,
kadmind must be disabled until upgraded.

* NetBSD all releases:

Check that you don't have kadmind in your /etc/inetd.conf.

# grep kadmind /etc/inetd.conf

If kadmind is enabled, disable it by commenting out its entry and
reloading inetd:

# /etc/rc.d/inetd reload

Check that kadmind is not running as a service:

# ps axlwww | grep kadmind

If kadmind is running, kill it:

# kill

* NetBSD-current:

Systems running NetBSD-current dated from before 2002-Oct-22 should
be upgraded to NetBSD-current dated 2002-Oct-22 or later. The fix
is included in crypto/dist/heimdal/kadmin/version4.c, revision 1.2.

The following directory needs to be updated from the netbsd-current
CVS branch (aka HEAD):
crypto/dist/heimdal/kadmin

To update from CVS, re-build, and re-install kadmind(8):

# cd src
# cvs update -d -P crypto/dist/heimdal
# cd libexec/kadmind
# make cleandir dependall
# make install

* NetBSD 1.6:

The following directory needs to be updated from the
netbsd-1-6 CVS branch:
crypto/dist/heimdal/kadmin

To update from CVS, re-build, and re-install kadmind(8):

# cd src
# cvs update -d -P -r netbsd-1-6 crypto/dist/heimdal/kadmin
# cd libexec/kadmind
# make cleandir dependall
# make install

* NetBSD 1.5:

The following directory needs to be updated from the
netbsd-1-5 CVS branch:
crypto/dist/heimdal/kadmin

To update from CVS, re-build, and re-install kadmind(8):

# cd src
# cvs update -d -P -r netbsd-1-5 crypto/dist/heimdal/kadmin
# cd libexec/kadmind
# make cleandir dependall
# make install
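
The `grep kadmind /etc/inetd.conf` check under "NetBSD all releases" also matches entries that are already commented out. The script below is an added example, not part of the advisory or of NetBSD, that reports whether a kadmind entry is still active; the function names and the sample inetd.conf lines (service name and binary path included) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): tell an active kadmind entry in an
# inetd.conf-style file apart from one that is already commented out.

# Prints one word: "enabled", "commented", "absent" or "unreadable".
kadmind_inetd_status() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    awk '
        /kadmind/ {
            if ($0 ~ /^[ \t]*#/)
                commented++
            else
                active++
        }
        END {
            if (active)         print "enabled"
            else if (commented) print "commented"
            else                print "absent"
        }' "$1"
}

# Prints "LINENO: text" for every uncommented line that mentions kadmind.
kadmind_active_lines() {
    awk '/kadmind/ && $0 !~ /^[ \t]*#/ { print NR ": " $0 }' "$1"
}

# Constructed sample input, not a real system's configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample inetd.conf
ftp           stream tcp nowait root /usr/libexec/ftpd    ftpd -ll
#kerberos-adm stream tcp nowait root /usr/libexec/kadmind kadmind
kerberos-adm  stream tcp nowait root /usr/libexec/kadmind kadmind
EOF

echo "status: $(kadmind_inetd_status "$sample")"
kadmind_active_lines "$sample"
rm -f "$sample"
```

On a real system, pass `/etc/inetd.conf` as the argument; a result of "enabled" means the entry still has to be commented out and inetd reloaded.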

Thanks To
=========

Love Hoernquist-Astrand for the patch and notification and Johan Danielsson
for testing.


Revision History
================

2002-Oct-21 Initial release

More Information
================

Advisories may be updated as new information comes to hand. The most
recent version of this advisory (PGP signed) can be found at
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved.

$NetBSD: NetBSD-SA2002-026.txt,v 1.9 2002/10/21 20:34:06 groo Exp $
