[15278] in bugtraq


Re: Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES

daemon@ATHENA.MIT.EDU (Mike Friedman)
Sat Jun 10 00:54:34 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <200006092115.OAA29565@ack.Berkeley.EDU>
Date:         Fri, 9 Jun 2000 14:15:39 -0700
Reply-To: Mike Friedman <mikef@ACK.BERKELEY.EDU>
From: Mike Friedman <mikef@ACK.BERKELEY.EDU>
X-To:         Tom Yu <tlyu@MIT.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <ldv66riu0xg.fsf@saint-elmos-fire.mit.edu> from "Tom Yu" at Jun
              09, 2000 03:08:59 PM

On Fri Jun  9 12:08:59 2000, Tom Yu said:

> 	MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC

Tom,

I notice that an earlier patch (see below) to the kerberos_v4.c module
wasn't incorporated into this patch for 1.0.x.  The earlier problem would
allow any user, anywhere, to crash a KDC by just constructing a V4 AS
request for a principal containing a string of '%s's.  I applied the fix
for that some time ago on my system, but I don't see it in the new patch.
(Fortunately, it's just a change to one line of code, so it shouldn't mess
up the line sequencing for applying this new patch).

That fix *has* been carried forward in the new 1.1.1 patch;  unfortunately
I'm still running 1.0.6!

Mike

=============
*** kerberos_v4.c.orig  Mon May 10 20:35:13 1999
--- kerberos_v4.c       Tue Jul 13 08:41:28 1999
***************
*** 253,259 ****
      case L_APPL_REQ:
        strcpy(log_text, "PROCESS_V4:");
        vsprintf(log_text+strlen(log_text), format, pvar);
!       krb5_klog_syslog(logpri, log_text);
      /* ignore the other types... */
      }
      va_end(pvar);
--- 253,259 ----
      case L_APPL_REQ:
        strcpy(log_text, "PROCESS_V4:");
        vsprintf(log_text+strlen(log_text), format, pvar);
!       krb5_klog_syslog(logpri, "%s", log_text);
      /* ignore the other types... */
      }
      va_end(pvar);
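Review bot: The "%s" change on the krb5_klog_syslog line is correct, but the two context lines above it still build log_text with strcpy and an unbounded vsprintf(log_text+strlen(log_text), format, pvar). Since request-supplied strings such as the principal name end up in that buffer, a long enough value can write past the end of log_text even though the format-string path is now closed. Suggest replacing the vsprintf call with vsnprintf limited to the space remaining in log_text (its declaration is outside this hunk), or an equivalent length check where vsnprintf is not available. It is also worth checking any other callers that hand a preformatted buffer to krb5_klog_syslog as the format argument.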

----------------------------------------------------------------------------
Mike Friedman                             mikef@ack.Berkeley.EDU
Communication & Network Services          +1-510-642-1410
University of California at Berkeley      http://ack.Berkeley.EDU/~mikef
----------------------------------------------------------------------------
