Patch-ID# 112536-05
Keywords: security kerberos mech_krb5.so.1 kmech_krb5 gss mech
Synopsis: SEAM 1.0: Patch for Solaris 7
Date: Sep/02/2004

Install Requirements: None

Solaris Release: 7

SunOS Release: 5.7

Unbundled Product: Solaris Enterprise Authentication Mechanism

Unbundled Release: 1.0

Xref: This patch available for x86 as patch 112537

Topic:

Relevant Architectures: sparc

BugId's fixed with this patch: 4338622 4691352 4836676 5055875

Changes incorporated in this version: 5055875

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/kernel/misc/kgss/do_kmech_krb5
/kernel/misc/kgss/gl_kmech_krb5
/kernel/misc/kgss/sparcv9/do_kmech_krb5
/kernel/misc/kgss/sparcv9/gl_kmech_krb5
/usr/lib/gss/do/mech_krb5.so
/usr/lib/gss/do/mech_krb5.so.1
/usr/lib/gss/gl/mech_krb5.so
/usr/lib/gss/gl/mech_krb5.so.1
/usr/lib/sparcv9/gss/do/mech_krb5.so
/usr/lib/sparcv9/gss/do/mech_krb5.so.1
/usr/lib/sparcv9/gss/gl/mech_krb5.so
/usr/lib/sparcv9/gss/gl/mech_krb5.so.1

Problem Description:

5055875 buffer overflow in (undocumented) auth_to_local rules

(from 112536-04)

4836676 Bounds checks not in place for princs in krbv5

(from 112536-03)

4691352 Multiple Kerberos vulnerabilities need to be fixed (rework)

(from 112536-02)

4691352 Multiple Kerberos vulnerabilities need to be fixed

(from 112536-01)

4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-8 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.

The following example installs a patch to a standalone machine:

    example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

    example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

For Bug ID 4338622, the complete fix requires patch 110057-05 or newer.
Although patches 112536-01 and 110057-05 do not require/depend on each
other, the complete resolution for the bug requires both.

For Bug ID 4836676, the complete fix requires patch 110057-07 or newer.
Although patches 112536-04 and 110057-07 do not require/depend on each
other, the complete resolution for the bug requires both.

README -- Last modified date: Thursday, September 2, 2004