Patch-ID# 112238-10
Keywords: security krb5 client authentication fails interfaces buffer overrun
Synopsis: SunOS 5.8_x86: mech_krb5.so.1 patch
Date: Sep/29/2004

Install Requirements: Reboot after installation
                      See Special Install Instructions

Solaris Release: 8_x86

SunOS Release: 5.8_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 112237

Topic: SunOS 5.8_x86: mech_krb5.so.1 patch

Relevant Architectures: i386

BugId's fixed with this patch: 4338622 4360141 4423818 4496679 4521000 4526202 4677605 4691352 4807010 4836676 4882946 5055875

Changes incorporated in this version: 4807010 5055875

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 109224-02 or greater

Obsoleted by:

Files included with this patch:

/kernel/misc/kgss/gl_kmech_krb5
/usr/lib/gss/gl/mech_krb5.so
/usr/lib/gss/gl/mech_krb5.so.1
/usr/lib/gss/mech_dh.so.1

Problem Description:

4807010 Crash in the gssapi module
5055875 buffer overflow in (undocumented) auth_to_local rules

(from 112238-09)

4882946 GSS_C_NO_BUFFER: gss_init_sec_context gives an Error code

(from 112238-08)

4836676 Bounds checks not in place for princs in krbv5

(from 112238-07)

4521000 krb5_gss_wrap_size_limit() does not work

(from 112238-06)

4423818 krb5 mechanism validating the wrong encryption type field
4691352 Multiple Kerberos vulnerabilities need to be fixed

(from 112238-05)

4526202 pam_krb5 auth can fail with multiple ftp sessions of same user

(from 112238-04)

4360141 kpasswd needs to be able to interface with MIT

(from 112238-03)

4677605 mech_krb5 patches need a dependency on the libgss patch

(from 112238-02)

4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)

(from 112238-01)

4496679 krb5 client authentication fails when 32 interfaces

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:

        example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

        example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

Reboot the system after patch installation.

README -- Last modified date: Wednesday, September 29, 2004