[3006] in Kerberos-V5-bugs
krb5-kdc/664: checksum vulnerability in SAM preauth
daemon@ATHENA.MIT.EDU (fcusack@iconnet.net)
Wed Nov 25 15:57:10 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, fcusack@iconnet.net
Date: Wed, 25 Nov 1998 15:56:34 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
Cc: fcusack@iconnet.net
>Number: 664
>Category: krb5-kdc
>Synopsis: checksum vulnerability in SAM preauth
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 25 15:57:01 EST 1998
>Last-Modified:
>Originator: Frank Cusack
>Organization:
Icon CMT Corp.
>Release: krb5-current-19981119
>Environment:
N/A
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
a) sam-checksums are probably going away, and just the
krb-error checksum field will be used. (?)
b) checksum should not be calculated when the range of
the sad is small.
c) the checksum code didn't work under the new crypto API
anyway.
I just ifdef'd it out.
>How-To-Repeat:
>Fix:
Index: kdc/preauth/pa_sam_cryptocard.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_cryptocard.c,v
retrieving revision 1.3
diff -u -r1.3 pa_sam_cryptocard.c
--- pa_sam_cryptocard.c 1998/11/25 06:13:10 1.3
+++ pa_sam_cryptocard.c 1998/11/25 20:50:59
@@ -301,7 +301,8 @@
sc.sam_pk_for_sad.length = 0;
sc.sam_nonce = 0;
- /* Generate checksum */
+#if 0
+ /* We don't calculate a checksum since it could be used to crack the SAD */
sc.sam_cksum.length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES);
if ((sc.sam_cksum.contents = malloc(sc.sam_cksum.length)) == NULL) {
retval = ENOMEM;
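Review bot: with this block under `#if 0`, nothing visible in the hunk sets `sc.sam_cksum` before the challenge is encoded further down. The two context lines above zero `sc.sam_pk_for_sad.length` and `sc.sam_nonce` explicitly; unless `sc` is cleared earlier in the function, add `sc.sam_cksum.length = 0;` and `sc.sam_cksum.contents = NULL;` beside them so that `encode_krb5_sam_challenge` and the `cleanup` path never see an indeterminate length or pointer.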
@@ -316,6 +317,7 @@
&sc.sam_cksum)) {
goto cleanup;
}
+#endif /* 0 */
if (retval = encode_krb5_sam_challenge(&sc, &scratch))
goto cleanup;
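Review bot: the `#endif /* 0 */` here closes a block that is disabled unconditionally, while item (b) of the report only argues against the checksum when the range of the SAD is small. If the intent is to drop it for every SAM type, delete the block instead of parking it under `#if 0` (item (c) says it does not work with the new crypto API anyway); if not, gate it on a named condition and state that condition in the comment.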
Index: kdc/preauth/pa_sam_digi_path.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_digi_path.c,v
retrieving revision 1.3
diff -u -r1.3 pa_sam_digi_path.c
--- pa_sam_digi_path.c 1998/11/25 06:13:10 1.3
+++ pa_sam_digi_path.c 1998/11/25 20:50:59
@@ -205,7 +205,8 @@
sc.sam_pk_for_sad.length = 0;
sc.sam_nonce = 0;
- /* Generate checksum */
+#if 0
+ /* We don't calculate a checksum since it could be used to crack the SAD */
sc.sam_cksum.length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES);
if ((sc.sam_cksum.contents = malloc(sc.sam_cksum.length)) == NULL) {
retval = ENOMEM;
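Review bot: the new comment sits inside the `#if 0` region and gives the conclusion without the condition from the report. Move it above `#if 0` and mention that the concern applies when the range of the SAD is small, so the rationale survives if the dead block is later removed.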
@@ -220,6 +221,7 @@
&sc.sam_cksum)) {
goto cleanup;
}
+#endif /* 0 */
if (retval = encode_krb5_sam_challenge(&sc, &scratch))
goto cleanup;
Index: kdc/preauth/pa_sam_grail.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_grail.c,v
retrieving revision 1.1
diff -u -r1.1 pa_sam_grail.c
--- pa_sam_grail.c 1998/11/25 04:06:18 1.1
+++ pa_sam_grail.c 1998/11/25 20:50:59
@@ -105,7 +105,8 @@
sc.sam_pk_for_sad.length = 0;
sc.sam_nonce = 0;
- /* Generate checksum */
+#if 0
+ /* We don't calculate a checksum since it could be used to crack the SAD */
sc.sam_cksum.length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES);
if ((sc.sam_cksum.contents = malloc(sc.sam_cksum.length)) == NULL) {
retval = ENOMEM;
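Review bot: this is the third file carrying the same `#if 0` edit around the same `CKSUMTYPE_RSA_MD5_DES` code, with a fourth following. Consider moving the challenge checksum step into one helper shared by the `pa_sam_*` modules, so the decision to skip it is made and documented in one place rather than in four copies that can drift apart.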
@@ -120,6 +121,7 @@
&sc.sam_cksum)) {
goto cleanup;
}
+#endif /* 0 */
if (retval = encode_krb5_sam_challenge(&sc, &scratch))
goto cleanup;
Index: kdc/preauth/pa_sam_securid.c
===================================================================
RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_securid.c,v
retrieving revision 1.2
diff -u -r1.2 pa_sam_securid.c
--- pa_sam_securid.c 1998/11/25 18:34:20 1.2
+++ pa_sam_securid.c 1998/11/25 20:51:00
@@ -201,7 +201,8 @@
sc.sam_pk_for_sad.length = 0;
sc.sam_nonce = 0;
- /* Generate checksum */
+#if 0
+ /* We don't calculate a checksum since it could be used to crack the SAD */
sc.sam_cksum.length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES);
if ((sc.sam_cksum.contents = malloc(sc.sam_cksum.length)) == NULL) {
return ENOMEM;
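Review bot: the malloc failure path in this file is `return ENOMEM;`, where the other three files set `retval = ENOMEM;`. The line is compiled out by this change, but if the block is ever re-enabled a direct return bypasses `cleanup`; either make it match the other modules or remove the disabled block so the inconsistency is not carried forward.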
@@ -215,6 +216,7 @@
&sc.sam_cksum)) {
goto cleanup;
}
+#endif /* 0 */
if (retval = encode_krb5_sam_challenge(&sc, &scratch))
goto cleanup;
>Audit-Trail:
>Unformatted: