


heimdal Cryptographic weakness



10th Apr 2003 [SBWID-6130]
COMMAND

	heimdal Cryptographic weakness

SYSTEMS AFFECTED

	version 0.5.2 and prior

PROBLEM

	In Debian Security Advisory DSA-269:
	
	A cryptographic weakness in version 4 of the Kerberos protocol allows
	an attacker to use a chosen-plaintext attack to impersonate any
	principal in a realm. Additional cryptographic weaknesses in the krb4
	implementation permit the use of cut-and-paste attacks to fabricate
	krb4 tickets for unauthorized client principals if triple-DES keys are
	used to key krb4 services. These attacks can subvert a site's entire
	Kerberos authentication infrastructure.
	
	This version of the heimdal package changes the default behavior and
	disallows cross-realm authentication for Kerberos version 4. Because of
	the fundamental nature of the problem, cross-realm authentication in
	Kerberos version 4 cannot be made secure and sites should avoid its
	use. A new option (--kerberos4-cross-realm) is provided to the kdc
	command to re-enable version 4 cross-realm authentication for those
	sites that must use this functionality but desire the other security
	fixes.

SOLUTION

	upgrade

