		 NetBSD Security Advisory 2003-006
		 =================================

Topic:		Cryptographic weaknesses in Kerberos v4 protocol

Version:	NetBSD-current:		source prior to March 20, 2003
		NetBSD 1.6:		affected
		NetBSD-1.5.3:		affected
		NetBSD-1.5.2:		affected
		NetBSD-1.5.1:		affected
		NetBSD-1.5:		affected
		pkgsrc:			prior to kth-krb4-1.2.1 or heimdal-0.5.1

Severity:	Every user on a Kerberos 4 network can be compromised

Fixed:		NetBSD-current:		March 20, 2003
		NetBSD-1.6 branch:	March 22, 2003 (1.6.1 will include the fix)
		NetBSD-1.5 branch:	April 1, 2003
		pkgsrc:			kth-krb4-1.2.2, heimdal-0.5.2


Abstract
========

A cryptographic weakness in version 4 of the Kerberos protocol allows an
attacker to use a chosen-plaintext attack to impersonate any principal in
a realm. This attack subverts a site's entire Kerberos authentication
infrastructure.

Kerberos version 5 does not contain this cryptographic vulnerability.
Sites are not vulnerable if they have Kerberos v4 completely disabled,
including the disabling of any krb5 to krb4 translation services.


Technical Details
=================

An attacker controlling a krb4 shared cross-realm key can impersonate any
principal in the remote realm to any service in the remote realm. This
can lead to a root-level compromise of a KDC, along with compromise of
any hosts that rely on authentication provided by that KDC.

This attack may be performed against cross-realm principals, thus
allowing an attacker to hop realms and compromise any realm that
transitively shares a cross-realm key with the attacker's local realm.

Related, but more difficult, attacks may be possible without requiring
the control of a shared cross-realm key. At the very least, an attacker
capable of creating arbitrary principal names in the target realm may be
able to perform the attack.
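As an added illustration (not part of the advisory, nor Heimdal project configuration), the following kdc.conf fragment expresses the "Kerberos v4 completely disabled, including krb5 to krb4 translation" condition from the Abstract for a Heimdal KDC; it assumes the [kdc] section options enable-kerberos4 and enable-524 of the Heimdal KDC of this era, and that both default to enabled.

```ini
# Added example, not from the advisory: Heimdal kdc.conf fragment that
# leaves only the Kerberos 5 protocol enabled on the KDC.  Assumes the
# [kdc] options of the Heimdal KDC of this era; check kdc(8) for your
# version before relying on it.
[kdc]
	# Refuse Kerberos 4 AS/TGS requests entirely.  With this off, the
	# v4 cross-realm tickets the attack relies on are never issued.
	enable-kerberos4 = no

	# Turn off the krb5-to-krb4 ticket conversion (524) service.  The
	# advisory only counts a site as safe when this translation path
	# is disabled as well, since it still produces v4 tickets.
	enable-524 = no
```

Restart the kdc after changing the file, then confirm with a v4 client (for example kinit from KTH-KRB) that v4 requests are now refused.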
A leak has occurred of an unpublished paper containing enough details
about the vulnerability that an attacker familiar with the krb4 protocol
can easily construct an exploit. No exploit is known to be circulating
at this time, though.

These are PROTOCOL vulnerabilities; fixes inherently involve restricting
the functionality of the protocol.

The fixes are required for the KDC machine - patches are not needed on
the clients, if v4 is disabled on the server.


Solutions and Workarounds
=========================

If you can't upgrade to a newer version, make sure you disable all
cross-realm functionality, and remove or randomize the cross-realm key.

You can use ``kinit --version'' to determine if you have a vulnerable
system. On NetBSD-current:

	kinit (Heimdal 0.5nb2, KTH-KRB 1.2)
	Copyright (c) 1999-2002 Kungliga Tekniska Högskolan
	Send bug-reports to heimdal-bugs@pdc.kth.se

is secure/safe.

The following instructions describe how to upgrade your affected
binaries by updating your source tree and rebuilding and installing a
new version of Heimdal.

* NetBSD-current:

	Systems running NetBSD-current dated from before 2003-03-20
	should be upgraded to NetBSD-current dated 2003-03-21 or later.

	The following directories need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		crypto/dist/heimdal/kdc
		include/heimdal

	To update from CVS, re-build, and re-install your KDC binaries:

		# cd src
		# cvs update -d -P crypto/dist/heimdal/kdc include/heimdal
		# cd usr.sbin/kdc
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install

* NetBSD 1.6:

	The binary distribution of NetBSD 1.6 is vulnerable.

	Systems running NetBSD 1.6 sources dated from before 2003-03-22
	should be upgraded from NetBSD 1.6 sources dated 2003-03-23 or
	later. NetBSD 1.6.1 will include the fix.

	The following directories need to be updated from the
	netbsd-1-6 CVS branch:
		crypto/dist/heimdal/kdc
		include/heimdal

	To update from CVS, re-build, and re-install your KDC binaries:
		# cd src
		# cvs update -d -P -r netbsd-1-6 crypto/dist/heimdal/kdc \
			include/heimdal
		# cd usr.sbin/kdc
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install

* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

	The binary distribution of NetBSD 1.5.3 is vulnerable.

	Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated
	from before 2003-03-31 should be upgraded from NetBSD 1.5.*
	sources dated 2003-04-01 or later.

	The following directories need to be updated from the
	netbsd-1-5 CVS branch:
		crypto/dist/heimdal/kdc
		include/heimdal

	To update from CVS, re-build, and re-install your KDC binaries:

		# cd src
		# cvs update -d -P -r netbsd-1-5 crypto/dist/heimdal/kdc \
			include/heimdal
		# cd crypto/dist/heimdal/kdc
		# make cleandir dependall
		# make install


Thanks To
=========

Sam Hartman and Tom Yu for notifying us in the first place and providing
text for the advisory. Steve Bellovin provided some hints that led MIT
people to discover this vulnerability. Love Hornquist-Astrand for
coordination of information exchange. Josef T. Burger for a correction
to the build instructions.


Revision History
================

2003-04-04	Initial release
2003-04-04	Correct 'cd' in build instructions.


More Information
================

Advisories may be updated as new information becomes available. The most
recent version of this advisory (PGP signed) can be found at
	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-006.txt.asc

Information about NetBSD and NetBSD security can be found at
	http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2003, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2003-006.txt,v 1.7 2003/04/04 17:56:28 david Exp $