Kerberos V telnet daemon Buffer Overflow

    Kerberos V


    Any system running the Kerberos V 1.0 telnet daemon


    The  following  info  is  based  on  Secure Networks Inc. Security

    Systems running the Kerberos V  telnet daemon are vulnerable to  a
    buffer  overflow  in  the  Kerberized  telnet daemon.  This buffer
    overflow can allow remote root access to unauthorized users.

    The problem lies in the Kerberized telnet daemon, which, due to
    improper bounds checking of the TERM variable, is vulnerable to a
    remote buffer overflow.

    The following code from start_login() in sys_term.c illustrates
    the problem:

                    char speed[128];
                    sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "",
                            (def_rspeed > 0) ? def_rspeed : 9600);

    Because sprintf() writes the TERM value into the fixed 128-byte
    speed buffer without any length check, remote individuals can gain
    root access to hosts running the Kerberos V telnet daemon.


    The problems described  in Kerberos V  are fixed by  updating your
    Kerberos installation to Kerberos V 1.0 patch level 1. Information
    about obtaining the update to Kerberos V can be found at:

   The MIT Kerberos Team announced the availability of MIT Kerberos V5
   Release 1.0.2.  This release is a bug-fix release only and it fixes
   a  potential  security  vulnerability  in  telnetd that may allow a
   remote  user  to  gain  root  privileges  on  systems with a broken
   tgetent()  library  function.   The  simplest  way  to  get the new
   patchlevel 1 release is via the Web.  Use the following URL:

    OpenBSD users  should update  to OpenBSD-current  via anoncvs, and
    recompile their kerberos libraries.

    Cygnus  plans  to   release  patches  for   the  Cygnus   Kerberos
    distributions shortly.
