Patch-ID# 112237-11
Keywords: security krb5 authentication fails 32 interfaces buffer overrun
Synopsis: SunOS 5.8: mech_krb5.so.1 patch
Date: Sep/29/2004

Install Requirements: Install in Single User Mode
                      Reboot immediately after patch is installed

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 112238

Topic: SunOS 5.8: mech_krb5.so.1 patch

Relevant Architectures: sparc

BugId's fixed with this patch: 4338622 4360141 4423818 4496679 4521000 4526202 4677605 4691352 4807010 4836676 4882946 5055875

Changes incorporated in this version: 4807010 5055875

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 109223-02 or greater

Obsoleted by:

Files included with this patch:

/kernel/misc/kgss/gl_kmech_krb5
/kernel/misc/kgss/sparcv9/gl_kmech_krb5
/usr/lib/gss/gl/mech_krb5.so
/usr/lib/gss/gl/mech_krb5.so.1
/usr/lib/gss/gl/sparcv9/mech_krb5.so
/usr/lib/gss/gl/sparcv9/mech_krb5.so.1
/usr/lib/gss/mech_dh.so.1
/usr/lib/sparcv9/gss/gl/mech_krb5.so
/usr/lib/sparcv9/gss/mech_dh.so.1

Problem Description:

4807010 Crash in the gssapi module
5055875 buffer overflow in (undocumented) auth_to_local rules

(from 112237-10)

4882946 GSS_C_NO_BUFFER: gss_init_sec_context gives an Error code

(from 112237-09)

4836676 Bounds checks not in place for princs in krbv5

(from 112237-08)

4521000 krb5_gss_wrap_size_limit() does not work

(from 112237-07)

4423818 krb5 mechanism validating the wrong encryption type field
4691352 Multiple Kerberos vulnerabilities need to be fixed

(from 112237-06)

4526202 pam_krb5 auth can fail with multiple ftp sessions of same user

(from 112237-05)

4360141 kpasswd needs to be able to interface with MIT

(from 112237-04)

4677605 mech_krb5 patches need a dependency on the libgss patch

(from 112237-03)

4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)

(from 112237-02)

        This patch was respun to contain the correct VERSION string in
        the pkginfo for this patch for U7B6.

(from 112237-01)

4496679 krb5 client authentication fails when 32 interfaces

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:

        example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

        example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

Reboot the system after patch installation.

README -- Last modified date: Wednesday, September 29, 2004