Patch-ID# 112536-06


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: kerberos mech_krb5.so.1 kmech_krb5 gss mech security
Synopsis: SEAM 1.0 Jumbo patch for Solaris 2.7
Date: Oct/03/2005


Install Requirements: NA

Solaris Release: 7

SunOS Release: 5.7

Unbundled Product: Solaris Enterprise Authentication Mechanism

Unbundled Release: 1.0

Xref: This patch available for x86 as patch 112537

Topic:

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
433862215025875
469135215109288
483667615152065
505587515213583
626168515262375
628486415271398


Changes incorporated in this version: 6261685 6284864

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/kernel/misc/kgss/do_kmech_krb5
/kernel/misc/kgss/gl_kmech_krb5
/kernel/misc/kgss/sparcv9/do_kmech_krb5
/kernel/misc/kgss/sparcv9/gl_kmech_krb5
/usr/lib/gss/do/mech_krb5.so
/usr/lib/gss/do/mech_krb5.so.1
/usr/lib/gss/gl/mech_krb5.so
/usr/lib/gss/gl/mech_krb5.so.1
/usr/lib/sparcv9/gss/do/mech_krb5.so
/usr/lib/sparcv9/gss/do/mech_krb5.so.1
/usr/lib/sparcv9/gss/gl/mech_krb5.so
/usr/lib/sparcv9/gss/gl/mech_krb5.so.1

Problem Description:

6261685 Security: buffer overflow, heap corruption in KDC
6284864 krb5_recvauth() may free memory twice under certain conditions
 
(from 112536-05)
 
5055875 buffer overflow in (undocumented) auth_to_local rules
 
(from 112536-04)
 
4836676 Bounds checks not in place for princs in krbv5
 
(from 112536-03)
 
4691352 (rework) Multiple Kerberos vulnerabilities need to be fixed 
 
(from 112536-02)
 
4691352 Multiple Kerberos vulnerabilities need to be fixed
 
(from 112536-01)
 
4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)


Patch Installation Instructions:
-------------------------------- 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-8 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
----------------------------- 
 
NOTE 1:  To get the complete fix for bugid 4338622 (BUFFER OVERRUN VULNERABILITIES 
         IN KERBEROS), please also install the following patch:
 
         110057-05 (or greater)  SEAM 1.0 Jumbo patch for Solaris 2.6/7
 
         Although patches 112536-01 and 110057-05 do not require/depend on each other, 
         the complete resolution for the bugfix requires both.
 
NOTE 2:  To get the complete fix for bugid 4836676 (Bounds checks not in place for 
         princs in krbv5), please also install the following patch:
 
         110057-07 (or greater)  SEAM 1.0 Jumbo patch for Solaris 2.6/7 
 
         Although patches 112536-04 and 110057-07 do not require/depend on each other,
         the complete resolution for the bugfix requires both.


README -- Last modified date: Friday, November 9, 2012