CERT: Security flaw in Sun library could affect Kerberos
ComputerWorld.com | Sam Costello
Posted on 08/07/2002 3:16:45 PM PDT by oc-flyfish
A security hole in the XDR Library provided to a number of vendors by Sun Microsystems Inc. could allow an attacker to execute arbitrary code on an affected system or cause a denial of service, according to an advisory from the CERT Coordination Center (CERT/CC).
The flaw also affects the widely used Kerberos authentication software that allows users to securely log on to remote systems.
The vulnerability exists in XDR (External Data Representation) libraries derived from SunRPC (remote procedure call) used in products from Sun, as well as from Apple Computer Inc., IBM and a number of Linux and Unix distributions, CERT/CC said yesterday. These products include those that use the Sun network service library (libnsl), the BSD-derived XDR/RPC routines (libc) and the GNU C library with sunrpc (glibc), CERT/CC said.
The XDR Library is a method of passing data between processes on different systems, usually over a network connection, without regard to platform, CERT/CC said.
The security hole comes in the xdr_array component of the XDR Library, where an integer overflow problem could lead to a buffer overflow. Were an attacker to exploit these vulnerabilities, he would be able to run code of his choice on the target system, CERT/CC said.
Due to the number of systems that the XDR Library is included in, attacks can cause other problems, including denials of service and information disclosure, CERT/CC said. Also potentially troublesome is the effect of the flaw on Kerberos, which could allow an attacker to gain access to a trusted Kerberos realm.
Affected software includes Apple's Mac OS X and Mac OS X Server, Debian Linux 3, IBM's AIX 4.3.3 and 5.1.0, the Kerberos software developed by MIT and Sun's Solaris 2.5.1 through 9.
Users should contact their vendors to inquire about patch status. CERT/CC has posted a more complete list of affected vendors and products, as well as their patch status, in its advisory.
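The xdr_array problem the article describes, as an added illustration that is not the SunRPC or glibc source: decoding an XDR array means reading an element count from the wire and allocating count times element size bytes. With 32-bit unsigned arithmetic that product can wrap, so a hostile count yields a small buffer that the subsequent element decoding overruns. The function names and the maxsize parameter below are assumptions chosen for the example, placed beside a hardened size check that rejects the wrapping case.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Unsafe size computation (illustrative, not the library's code): the
 * count c and element size elsize are 32-bit unsigned values, so the
 * multiplication wraps modulo 2^32. An attacker-chosen count can make
 * this return a tiny number of bytes for a huge number of elements. */
uint32_t xdr_array_bytes_unchecked(uint32_t c, uint32_t elsize) {
    return c * elsize;
}

/* Hardened form: reject counts above the caller's maximum and counts
 * whose product with elsize would not fit in 32 bits. Returns false on
 * rejection, true with *nodesize set otherwise. */
bool xdr_array_bytes_checked(uint32_t c, uint32_t elsize, uint32_t maxsize,
                             uint32_t *nodesize) {
    if (c > maxsize)
        return false;                       /* caller's element limit */
    if (elsize != 0 && c > UINT32_MAX / elsize)
        return false;                       /* c * elsize would wrap */
    *nodesize = c * elsize;
    return true;
}

/* True when the unchecked computation under-allocates, i.e. the true
 * 64-bit product differs from the wrapped 32-bit result. */
bool unchecked_would_underallocate(uint32_t c, uint32_t elsize) {
    uint64_t real = (uint64_t)c * (uint64_t)elsize;
    return real != (uint64_t)xdr_array_bytes_unchecked(c, elsize);
}

int main(void) {
    /* Constructed hostile count: 0x40000001 elements of 8 bytes each.
     * The real size is 0x200000008 bytes; the wrapped size is 8. */
    uint32_t c = 0x40000001u, elsize = 8u, n = 0;
    printf("unchecked bytes: %u\n", xdr_array_bytes_unchecked(c, elsize));
    printf("would under-allocate: %d\n", unchecked_would_underallocate(c, elsize));
    printf("checked accepts: %d\n", xdr_array_bytes_checked(c, elsize, UINT32_MAX, &n));
    return 0;
}
```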
TOPICS: News/Current Events; Technical
KEYWORDS: apple; cert; exploit; flaw; linux; security; sun; unix
Ouch this appears to be a nasty one for those using Linux, Unix, and Macs.
To: Bush2000; Ernest_at_the_Beach; B Knotts; Dominic Harr
Watch out ping.
To: general_re; Stentor; milestogo; jimkress; zeromus; HalfIrish; discostu; Looking for Diogenes; ...
FYI ping.
To: oc-flyfish
I am just waiting for the Mac lovers to say:
"Glad I have a Mac... oh, er... this one affects Macs? How is that possible?"
To: oc-flyfish
Ouch this appears to be a nasty one for those using Linux, Unix, and Macs.
Click here, please.
5 posted on 08/07/2002 3:31:37 PM PDT by rdb3
To: rdb3
Whoops, didn't see it was already posted...
BTW, your profile page gives me a chuckle every time I see it.
To: oc-flyfish
I'm shocked, shocked, shocked!!!
7 posted on 08/07/2002 6:43:40 PM PDT by Bush2000
To: Bush2000
As am I... I was all ready to buy a Mac since they *never* have issues. Damn... guess I will have to stay with my PC instead.
To: oc-flyfish
Kerberos is used by Windows 2000/XP servers and workstations for log-in. If Kerberos is attacked then you are not safe with Windows machines either.
To: BushCountry
Kerberos is used by Windows 2000/XP servers and workstations for log-in. If Kerberos is attacked then you are not safe with Windows machines either.
You do understand that Kerberos is a specification for a security protocol, right? There are different implementations. There is no evidence yet Microsoft used Sun's libraries; therefore, your assertion is bogus.
10 posted on 08/07/2002 8:04:42 PM PDT by Bush2000
To: Bush2000
The Windows platform security weaknesses are world-renowned (a child can hack most Windows 2000 servers with a few tricks). I was just pointing out that if Kerberos is insecure for Linux, then it is most likely the same story for the Windows platform.
Want to beat all NTFS permissions on a machine? Just boot the system with NTFSDOS (child's play). Want to log on to a remote server as administrator without a password? Use a Win98 machine; the server will send you the password automatically, assuming you are the administrator. 300 passwords will get you into 35% of the servers. The list of things to do goes on, and on...
Sure it is the Administrator's fault that the security is so weak, but by default Windows 2000 Servers have no security, and actually take a hell of a lot of work to make them secure.
To: BushCountry
I was just pointing out that if Kerberos is insecure for Linux, then it is most likely the same story for the Windows platform.
Non sequitur: does not follow.
Want to beat all NTFS permissions on a machine? Just boot the system with NTFSDOS (child's play). Want to log on to a remote server as administrator without a password? Use a Win98 machine; the server will send you the password automatically, assuming you are the administrator. 300 passwords will get you into 35% of the servers. The list of things to do goes on, and on...
Try doing any of that on my network. Oh, right ... you'd need physical access to my network. Sorry, you lose.
Sure it is the Administrator's fault that the security is so weak, but by default Windows 2000 Servers have no security, and actually take a hell of a lot of work to make them secure.
Here, I agree. It does take extra work. MS made the wrong choice in choosing ease-of-use and interoperability over security. That's changed with .NET Server. Nearly everything is turned OFF by default and you have to specifically enable anything to get it turned on.
12 posted on 08/20/2002 1:50:02 PM PDT by Bush2000
To: oc-flyfish
Your ridiculous strawman aside, Apple had a fix for this very soon after it was revealed. Has Microsoft even issued a statement yet?