Patch-ID# 112390-09
Keywords: security encryption krb5 client authentication interfaces
Synopsis: SunOS 5.8: Supplemental Encryption Kerberos V5: mech_krb5.so.1 patch
Date: Sep/29/2004

******************************************************
The items made available through this website are subject to United States export laws and may be subject to export and import laws of other countries. You agree to strictly comply with all such laws and obtain licenses to export, re-export, or import as may be required. Unless expressly authorized by the United States Government to do so you will not, directly or indirectly, export or re-export the items made available through this website, nor direct the items therefrom, to any embargoed or restricted country identified in the United States export laws, including but not limited to the Export Administration Regulations (15 C.F.R. Parts 730-774).
******************************************************

Install Requirements: Reboot after installation

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product:

Unbundled Release:

Xref:

Topic: SunOS 5.8: Supplemental Encryption Kerberos V5: mech_krb5.so.1 patch

Relevant Architectures: sparc

BugId's fixed with this patch: 4338622 4360141 4423818 4496679 4526202 4677605 4691352 4807010 4836676 5055875

Changes incorporated in this version: 4807010 5055875

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 109223-02 or greater

Obsoleted by:

Files included with this patch:

/kernel/misc/kgss/do_kmech_krb5
/kernel/misc/kgss/sparcv9/do_kmech_krb5
/usr/lib/gss/do/mech_krb5.so
/usr/lib/gss/do/mech_krb5.so.1
/usr/lib/gss/do/sparcv9/mech_krb5.so
/usr/lib/gss/do/sparcv9/mech_krb5.so.1
/usr/lib/sparcv9/gss/do/mech_krb5.so

Problem Description:

4807010 Crash in the gssapi module
5055875 buffer overflow in (undocumented) auth_to_local rules

(from 112390-08)

4836676 Bounds checks not in place for princs in krbv5

(from 112390-07)

4423818 krb5 mechanism validating the wrong encryption type field
4691352 Multiple Kerberos vulnerabilities need to be fixed

(from 112390-06)

4526202 pam_krb5 auth can fail with multiple ftp sessions of same user

(from 112390-05)

4360141 kpasswd needs to be able to interface with MIT

(from 112390-04)

4677605 mech_krb5 patches need a dependency on the libgss patch

(from 112390-03)

4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)

(from 112390-02)

This patch was respun to contain the correct VERSION string in the pkginfo for this patch for U7B6.

(from 112390-01)

4496679 krb5 client authentication fails when 32 interfaces

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris.

Any other special or non-generic installation instructions should be described below as special instructions.

The following example installs a patch to a standalone machine:

    example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

    example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

NOTE: Install patch 108987-07 (or newer) to correct several patch installation problems.

This is a patch for the domestic encryption kit-enhanced installation of Kerberos. If pkginfo -l SUNWpk does not show one of these two package versions, you will need the equivalent vanilla Kerberos patch, available as 112237.

    PKGINST: SUNWk5pu with VERSION: 11.8.0,REV=1999.12.07.04.22
    PKGINST: SUNWk5pu.2 with VERSION: 11.8.0,REV=1999.12.07.04.22

README -- Last modified date: Wednesday, September 29, 2004