Rapid7 Vulnerability & Exploit Database

Sun Patch: SunOS 5.10_x86: pam_krb5.so.1 patch

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/17/2009
Created: 07/25/2018
Added: 09/22/2009
Modified: 11/19/2015

Description

Sun has released a security patch addressing the following issues:

6301844 mech_krb5 has problem working on 64 bit systems

(from 140130-09)

6822062 multiple vulnerabilities in SPNEGO, ASN.1 decoder (CVE-2009-0847, CVE-2009-0845, CVE-2009-0844)
6822066 ASN.1 decoder frees uninitialized pointer (CVE-2009-0846)

(from 140130-08)

6749302 pam_krb5 auth fails with key table entry not found

(from 140130-07)

6758625 pam_krb5 is unable to communicate with ktkt_warnd; 50-second delays to login/screen unlock

(from 140130-06)

6802931 krb5 NFS issues

(from 140130-05)

This revision accumulates generic Sustaining patch 138372-06 into Solaris S10U7 update.

(from 140130-04)

This revision accumulates generic Sustaining patch 138372-05 into Solaris S10U7 update.

(from 140130-03)

This revision accumulates generic Sustaining patch 138372-04 into Solaris S10U7 update.

(from 140130-02)

This revision accumulates generic Sustaining patch 138372-03 into Solaris S10U7 update.

(from 140130-01)

This revision accumulates generic Sustaining patch 139479-01 into Solaris S10U7 update.

(from 138372-06)

6799884 pam_krb5 could allow authentication to an attacker's KDC

(from 138372-05)

6746597 kpropd full resync window does not time out

(from 138372-04)

6756312 krb5int_pbkdf2_hmac_sha1() should not call C_DestroyObject() after C_GenerateKey() fails
6756928 kerberos incorrectly displays the error message "krb5 conf file not configured"

(from 138372-03)

6543610 possible memory leak in krb5_acct_mgmt
6607659 despite calling pam_end, pam_krb5 module data not being freed
6736781 memory leak in mech_krb5.so.1 when obtaining FQHN for comparison to host principal
6754169 memory leak in __pam_display_msg() where pam_response structure is not freed

(from 138372-02)

6245750 kadmin "Bad encryption type" error should state the enctype
6604635 kdb ldap integration removed rev/recurse kdb5_util dumps
6612490 kdb5_util should not coredump if krb5.conf is misconfigured
6621129 generic_gss_release_oid() should check for oid == NULL before dereferencing
6621239 adb_policy_init makes the wrong assertion
6641415 kadmind cores when using ldap backend and "sunw_dbprop_enable" is set to true
6647708 cannot create des keys with afs3 salt
6658621 configuration checks for kerberos daemons should be done by daemons themselves
6658624 missing error strings for new kerberos DB error types
6658627 kpropd should use its executable name, not the full path when logging error messages
6658631 error messages in kerberos daemons need cleanup
6664832 various memleaks in krb libs

(from 138372-01)

This revision accumulates generic Sustaining patch 138292-01 into Solaris S10U6 update.

(from 138292-01)

6548599 AES encrypt function in kmech_krb5 broken for 16-byte input, causes NFSsec interop problems

(from 139479-01)

6200894 pam_krb5 shouldn't use setreuid and friends -- that's not MT-safe
6455225 pam_krb5 should overwrite ccache with new credentials when handling pam_setcred (PAM_REFRESH_CRED)
6531864 ktkt_warnd not warning after login
6607813 pam_krb5 setcred coredumps on successful refresh if auth was not previously called
6691206 pam_krb5's store_cred should always store new credentials if previous auth pass successful
6724557 potential for a memory leak in krb5_setcred's krb5_renew_tgt routine
6724959 pam_modules/krb5/utils.h`set_active_user() declaration is adrift

(from 125168-01)

6253622 gssd core dumping in searchMechList

Solution(s)

  • sunpatch-solaris-140130
