=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN185
_____________________________________________________________________

DATE                      : 31/05/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Heimdal versions prior to 1.3.3.

======================================================================
http://www.h5l.org/releases.html?show=1.3.3
http://www.h5l.org/advisories.html?show=2010-05-27
______________________________________________________________________

Heimdal releases

2010-05-27 - Heimdal 1.3.3
Heimdal 1.3.3

Released 2010-05-27 heimdal-1.3.3.tar.gz

Major changes

Check the GSS-API checksum exists before trying to use it
kdc: check NULL pointers before dereferencing them
Bugfixes
Vulnerabilities

2010-05-27 - Tries to follow NULL pointers in KDC and GSS-API Kerberos acceptor (server).
2010-03-21 - Heimdal 1.3.2
2009-11-20 - Heimdal 1.3.1
2009-11-15 - Heimdal 1.3.0
2008-08-19 - Heimdal 1.2.1
2008-05-22 - Heimdal 1.2
2008-01-24 - Heimdal 1.1
2007-12-15 - Heimdal 1.0.2
2007-08-08 - Heimdal 1.0.1
2007-07-17 - Heimdal 1.0
2007-04-13 - Heimdal 0.8
2006-02-06 - Heimdal 0.6.6
2006-02-06 - Heimdal 0.7.2
2005-08-14 - Heimdal 0.7.1
2005-04-20 - Heimdal 0.6.4
2005-04-20 - Heimdal 0.6.5
2005-04-20 - Heimdal 0.7
2004-09-13 - Heimdal 0.6.3
2004-05-06 - Heimdal 0.6.2
2004-04-01 - Heimdal 0.6.1
2003-05-12 - Heimdal 0.6
1997-07-17 - Heimdal 0.0a
__________________________________________________________________________

Heimdal advisories

2010-05-27 - Tries to follow NULL pointers in KDC and GSS-API Kerberos
acceptor (server).
Tries to follow NULL pointers in KDC and GSS-API Kerberos acceptor (server).

Description:

There are OPTIONAL values in Kerberos protocols; in the ASN.1 encoder they are
encoded as a pointer to a structure. When the peer does not send the OPTIONAL
argument, the pointer is set to NULL instead of a pointer to a structure.

In two places we fail to check for a NULL pointer before trying to dereference
it, which results in a crash.

Thanks to Tom Yu of MIT Kerberos for telling us about the problem.

Applies to versions:

Heimdal - 1.3.3
Heimdal - 1.3.2
Heimdal - 1.3.0
Heimdal - 1.2.1
Heimdal - 1.2
Heimdal - 1.1
Heimdal - 1.0.2
Heimdal - 1.0.1
Heimdal - 1.0
Heimdal - 0.7.2
See also:
CVE-2010-1321
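
The missing check described in the advisory above, shown as an added example
(not Heimdal's code): an OPTIONAL field decoded to a pointer, dereferenced
without a check and then with one. The type and function names are hypothetical
stand-ins; 0x8003 is the GSS-API checksum type from RFC 4121.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for ASN.1-generated types; hypothetical names,
 * not Heimdal's actual structures or functions. */
typedef struct {
    int cksumtype;
    size_t length;
    const unsigned char *data;
} checksum_t;

typedef struct {
    const char *crealm;
    checksum_t *cksum;  /* OPTIONAL: decoder leaves this NULL when the peer omits it */
} authenticator_t;

enum { CKSUMTYPE_GSSAPI = 0x8003 };  /* GSS-API checksum type from RFC 4121 */
enum { ACCEPT_OK = 0, ERR_NO_CHECKSUM = -1, ERR_BAD_CKSUMTYPE = -2 };

/* Pattern the advisory describes: the OPTIONAL pointer is dereferenced
 * unconditionally, so an authenticator without a checksum crashes the server. */
int accept_unchecked(const authenticator_t *a)
{
    return a->cksum->cksumtype == CKSUMTYPE_GSSAPI ? ACCEPT_OK : ERR_BAD_CKSUMTYPE;
}

/* Hardened form: an absent OPTIONAL field is a protocol error, not a crash. */
int accept_checked(const authenticator_t *a)
{
    if (a == NULL || a->cksum == NULL)
        return ERR_NO_CHECKSUM;
    if (a->cksum->cksumtype != CKSUMTYPE_GSSAPI)
        return ERR_BAD_CKSUMTYPE;
    return ACCEPT_OK;
}

int main(void)
{
    /* Constructed inputs: one authenticator with a checksum, one without. */
    static const unsigned char bytes[24] = {0};
    checksum_t ck = { CKSUMTYPE_GSSAPI, sizeof(bytes), bytes };
    authenticator_t with = { "EXAMPLE.ORG", &ck };
    authenticator_t without = { "EXAMPLE.ORG", NULL };

    printf("with checksum:    %d\n", accept_checked(&with));
    printf("without checksum: %d\n", accept_checked(&without));
    return 0;
}
```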

2010-03-21 - Length checking wrong
2006-08-08 - multiple local privilege escalation vulnerabilities
2006-02-06 - rshd privilege escalation vulnerability
2005-06-20 - telnetd vulnerabilities
2005-04-20 - telnet vulnerabilities
2004-09-13 - ftpd root escalation
2004-05-06 - Kerberos 4 buffer overrun in Heimdal kadmin
2004-04-01 - Cross-realm trust vulnerability in Heimdal
======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================
