Kerberos Detected

Updated 3/21/03

Impact

If the Kerberos Administration Daemon or any services which use a vulnerable version of Kerberos are enabled, remote root access may be possible due to a buffer overflow condition. If the Key Distribution Center is affected, the entire Kerberos domain could be compromised.

Background

Kerberos is used to provide strong authentication and encryption between a client and a server. The Key Distribution Center (KDC), consisting of an authentication server and a ticket granting server, is involved in the authentication process. Cryptography is used to verify the identity of the user and the server, and to encrypt the session between them.

The Problems


Buffer Overrun and Underrun in Principal Name Handling

3/21/03
CAN 2003-0072
CAN 2003-0082
MIT Kerberos 5 contains buffer overrun and underrun problems affecting the code which processes principal names. An attacker could cause a corruption of the malloc pool, leading to a denial of service, and, with some malloc implementations and platforms, more severe consequences. An attacker could also reference data just past the end of an array in the KDC, which could result in a crash of the KDC.

Kerberos 5 version 1.2.7 and earlier and version 1.3-alpha1 are affected by this vulnerability.
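The entry above describes overruns and underruns in the code that processes textual principal names. As an added illustration (this is not MIT krb5 code and does not reproduce its parser), the following C splitter for names of the form comp1/comp2@REALM checks every read against the input length and every write against the destination size, so a malformed name such as one ending in a lone backslash is rejected rather than indexing past an array. The field sizes, the struct and all sample inputs are constructed for the example.

```c
/* Added example, not MIT krb5 code: a bounds-checked splitter for textual
 * principal names comp1/comp2/.../compN@REALM. A backslash escapes the next
 * character. Every index is checked before use, so malformed input is
 * rejected instead of reading or writing outside an array. */
#include <stdio.h>
#include <string.h>

#define MAX_COMPONENTS 8   /* constructed limits for the example */
#define MAX_FIELD 64

typedef struct {
    char comp[MAX_COMPONENTS][MAX_FIELD];
    int  ncomp;
    char realm[MAX_FIELD];
} principal_t;

/* Copy one field (up to an unescaped '/' or '@', or end of input) into out.
 * Returns bytes of input consumed, or -1 if the field is malformed: a trailing
 * backslash (an unchecked escape handler would read the byte after the end)
 * or a field that does not fit in out. */
static int copy_field(const char *s, size_t len, char *out, size_t outsz)
{
    size_t i = 0, o = 0;
    while (i < len && s[i] != '/' && s[i] != '@') {
        char c = s[i];
        if (c == '\\') {
            if (i + 1 >= len)
                return -1;            /* trailing escape: nothing to escape */
            c = s[i + 1];
            i += 2;
        } else {
            i += 1;
        }
        if (o + 1 >= outsz)
            return -1;                /* no room for this byte plus the NUL */
        out[o++] = c;
    }
    out[o] = '\0';
    return (int)i;
}

/* Parse str into p. Returns 0 on success, -1 on any malformed input. */
int parse_principal(const char *str, principal_t *p)
{
    size_t len = strlen(str), pos = 0;
    int n;

    memset(p, 0, sizeof *p);
    for (;;) {
        if (p->ncomp >= MAX_COMPONENTS)
            return -1;                /* more components than the table holds */
        n = copy_field(str + pos, len - pos, p->comp[p->ncomp], MAX_FIELD);
        if (n < 0)
            return -1;
        p->ncomp++;
        pos += (size_t)n;
        if (pos >= len)
            return -1;                /* input ended before '@REALM' */
        if (str[pos] == '/') {        /* another component follows */
            pos++;
            continue;
        }
        pos++;                        /* str[pos] == '@': the realm follows */
        break;
    }
    n = copy_field(str + pos, len - pos, p->realm, MAX_FIELD);
    if (n < 0 || pos + (size_t)n != len || p->realm[0] == '\0')
        return -1;                    /* bad realm, stray separator after it, or empty realm */
    return 0;
}

/* 1 if str parses as a principal, 0 otherwise. */
int principal_is_valid(const char *str)
{
    principal_t p;
    return parse_principal(str, &p) == 0;
}

/* Component count of a valid principal, or -1 if invalid. */
int principal_component_count(const char *str)
{
    principal_t p;
    return parse_principal(str, &p) == 0 ? p.ncomp : -1;
}

int main(void)
{
    /* Constructed inputs: a well-formed service principal, one with an
     * escaped '/', and three malformed strings that must be rejected. */
    const char *cases[] = { "host/www.example.com@EXAMPLE.COM", "a\\/b@EXAMPLE.COM",
                            "abc\\", "noatsign", "user@REALM@EXTRA" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-36s %s\n", cases[i], principal_is_valid(cases[i]) ? "ok" : "rejected");
    return 0;
}
```

The two checks worth noting are the `i + 1 >= len` test before consuming an escaped byte (the underrun/overread case) and the `o + 1 >= outsz` test before every store (the overrun case); a parser that trusts a terminating NUL to stop it has neither.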


Cryptographic Weakness in Kerberos 4 Protocol

3/19/03
CAN 2003-0138
CAN 2003-0139
A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation included in the MIT krb5 distribution permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These vulnerabilities could allow a root compromise of a KDC, which could lead to a compromise of an entire site.

This vulnerability is inherent in the Kerberos 4 protocol, including that included for backwards compatibility in MIT krb5 prior to release 1.3.


Buffer overflow in kadmind

10/31/02
CAN 2002-1235
The Kerberos Administration Daemon (kadmind) contains a buffer overflow condition in the code which provides support for the Kerberos 4 administration protocol. A remote attacker could exploit this condition by sending a long, specially crafted request to the kadmind service, thus overflowing a buffer on the stack and executing arbitrary commands with root privileges.

MIT Kerberos version 4 and KTH eBones (Kerberos version 4) prior to version 1.2.1 are affected by this vulnerability. MIT Kerberos version 5 up to and including krb5-1.2.6 and KTH Heimdal (Kerberos version 5) prior to version 0.5.1 are also affected if support for the Kerberos 4 administration protocol is enabled. The Kerberos 4 administration protocol is implemented by the kadmind4 program in MIT Kerberos 5, and by a compilation option within kadmind in KTH Heimdal.


Buffer overflow in Kerberos ftpd

5/29/01
CAN 2001-1323
The FTP daemon included in MIT Kerberos version 5 contains a buffer overflow which could allow a remote attacker to execute arbitrary commands with root privileges. In order to exploit this vulnerability, the attacker would either need access to an account on the system, or anonymous FTP would have to be enabled.

krb5-1.2.2 and earlier are affected by this vulnerability.


Vulnerabilities in MIT/Cygnus versions

CVE 2000-0389
CVE 2000-0390
CVE 2000-0391
Four buffer overflow conditions have been discovered in Kerberos. The most serious one could allow remote root access if any of the following services are running.

Another buffer overflow condition could allow a local attacker to gain root access by exploiting v4rcp or ksu.

The following implementations of Kerberos are affected by these vulnerabilities:

2/9/03
CAN 2003-0058
CAN 2003-0059
CAN 2003-0060
Additional vulnerabilities in MIT Kerberos 5 prior to 1.2.5 could allow an attacker to crash a KDC by causing a null pointer to be dereferenced, to impersonate users in other realms on an application server, or to crash a KDC or possibly execute arbitrary code by exploiting format string vulnerabilities or allocating negative-length buffers.


Vulnerabilities in KTH version

CVE 2001-0036
Three vulnerabilities have been discovered in the KTH version of Kerberos, which is included in the OpenBSD and FreeBSD operating systems. Two of these vulnerabilities can be used in conjunction with each other to gain root access on an affected system. The first vulnerability allows a remote telnet user to pass environment variables through the telnet session without requiring a local user account. By resetting the krb4_proxy variable, an attacker could cause the Kerberos authentication requests to go to a fake server, thus fooling the system into accepting a false reply. The second vulnerability, a buffer overflow condition in the code which processes authentication replies, could be used with the first vulnerability to gain root access.

The third vulnerability could allow arbitrary files to be overwritten on the system. Ticket files are created in the /tmp directory with predictable file names. A user with an account on the system could guess the file name of a future ticket file, and symbolically link that file name to an arbitrary file on the system. When the ticket file is created, the arbitrary file is overwritten.
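The predictable-name ticket file issue above is a symlink race: whoever can guess the next file name can plant a link there first, and a writer that simply opens the name for writing follows the link. The following added C example (not KTH or MIT code) shows the naive open beside a hardened one that uses O_CREAT|O_EXCL together with O_NOFOLLOW and an fstat check, and runs both against a constructed scenario in a scratch directory: a victim file with known contents and a symlink named tkt0 (a stand-in for a predictable ticket name) pointing at it. The directory and file names are constructed for the example.

```c
/* Added example, not KTH/MIT code: naive vs. hardened creation of a ticket
 * file whose name an attacker could predict and pre-link. */
#define _GNU_SOURCE            /* O_NOFOLLOW, mkdtemp, symlink on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0           /* without it, O_CREAT|O_EXCL alone still refuses an existing link */
#endif

/* Naive pattern: fopen(...,"w") follows a planted symlink, so the ticket
 * bytes land in whatever the link points at. */
static int naive_write_ticket(const char *path)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("TICKET\n", f);
    fclose(f);
    return 0;
}

/* Hardened pattern: only ever create a brand-new file. O_CREAT|O_EXCL fails
 * with EEXIST if anything (file or symlink) already occupies the name,
 * O_NOFOLLOW refuses a symlink in the last component, and fstat confirms we
 * hold a regular file owned by the calling user before writing. */
int create_ticket_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

static int hardened_write_ticket(const char *path)
{
    int fd = create_ticket_file(path);
    if (fd < 0) return -1;
    if (write(fd, "TICKET\n", 7) != 7) { close(fd); return -1; }
    close(fd);
    return 0;
}

/* Constructed scenario: scratch dir (mode 0700, so the kernel's sticky-/tmp
 * symlink restriction does not mask the naive behaviour), a victim file with
 * known contents, and symlink tkt0 -> victim. Runs writer on the link path
 * and reports 1 if the victim was overwritten, 0 if untouched, -1 on setup error. */
static int victim_overwritten_by(int (*writer)(const char *))
{
    char dir[] = "/tmp/krbdemoXXXXXX";
    char victim[300], ticket[300], buf[32] = {0};
    FILE *f;
    int clobbered;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(ticket, sizeof ticket, "%s/tkt0", dir);
    if ((f = fopen(victim, "w")) == NULL) return -1;
    fputs("original\n", f);
    fclose(f);
    if (symlink(victim, ticket) != 0) return -1;

    writer(ticket);                   /* outcome is judged by the victim's contents */

    if ((f = fopen(victim, "r")) == NULL) return -1;
    if (fgets(buf, sizeof buf, f) == NULL) buf[0] = '\0';
    fclose(f);
    clobbered = strcmp(buf, "original\n") != 0;
    unlink(ticket); unlink(victim); rmdir(dir);
    return clobbered;
}

int demo_naive_clobbers(void)   { return victim_overwritten_by(naive_write_ticket) == 1; }
int demo_hardened_refuses(void) { return victim_overwritten_by(hardened_write_ticket) == 0; }

/* The hardened open must still succeed on a name nobody has claimed. */
int demo_hardened_fresh_path(void)
{
    char dir[] = "/tmp/krbdemoXXXXXX", ticket[300];
    int rc;
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(ticket, sizeof ticket, "%s/tkt0", dir);
    rc = hardened_write_ticket(ticket);
    unlink(ticket); rmdir(dir);
    return rc == 0;
}

int main(void)
{
    printf("naive write overwrote victim:   %s\n", demo_naive_clobbers() ? "yes" : "no");
    printf("hardened write refused symlink: %s\n", demo_hardened_refuses() ? "yes" : "no");
    printf("hardened write on fresh name:   %s\n", demo_hardened_fresh_path() ? "ok" : "failed");
    return 0;
}
```

Unpredictable names (mkstemp-style) reduce the chance of a collision, but the O_EXCL create is what removes the race: even a correctly guessed name cannot be hijacked, because the open refuses to touch anything that already exists at the path.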

Resolution

To fix the vulnerabilities in MIT Kerberos, upgrade to Kerberos version krb5-1.3 (final release) or higher when it becomes available. If it is not yet available, upgrade to krb5-1.2.7 and apply the patch referenced in MIT krb5 Security Advisory 2003-005, and the patch kit or one of the workarounds described in MIT krb5 Security Advisory 2003-004.

Alternatively, the problems in some of the services can be fixed with the following workarounds:

To fix the vulnerabilities in KTH Kerberos, upgrade to Heimdal 0.5.1 or higher, or eBones 1.2.1 or higher.

Where can I read more about this?

More information on the Kerberos 5 buffer overrun and underrun problems can be found in MIT krb5 Security Advisory 2003-005.

More information on the Kerberos 4 cryptographic weakness can be found in MIT krb5 Security Advisory 2003-004.

More information on the kadmind vulnerability is available in CERT Advisory 2002-29 and MIT krb5 Security Advisory 2002-02.

For more information on the ftpd vulnerability, see the Kerberos advisory.

More information on the other problems in MIT Kerberos is available from CERT Advisory 2000-06, the Kerberos 4 advisory, and MIT krb5 Security Advisory 2003-001.

More information on the vulnerabilities in the KTH version is available from FreeBSD Security Advisory 01:25 or Bugtraq.