Patch-ID# 112921-10



Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security libkadm5 pam_krb5 krb5 lib kerberos
Synopsis: SunOS 5.9: libkadm5 Patch
Date: Oct/10/2011


Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 116046

Topic: SunOS 5.9: libkadm5 Patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR #   Bug #
4197937    14977637
4220042    14983277
4642879    15098102
4668699    15104390
4727188    15117999
4810632    15143863
4831653    15150447
4836676    15152065
4837278    15152280
4838735    15152776
5110105    15230141
6209960    15241601
6215066    15243393
6496178    15362548
6538001    15386063
6997583    15679434
7059086    15724537
7061008    15725603


Changes incorporated in this version: 6997583 7059086 7061008

Patches accumulated and obsoleted by this patch: 112725-02 112728-02 112922-02

Patches which conflict with this patch:

Patches required with this patch: 112908-02 (or greater)

Obsoleted by:

Files included with this patch:

/usr/lib/krb5/abi/abi_libdb2.so.1
/usr/lib/krb5/abi/abi_libdyn.so.1
/usr/lib/krb5/abi/abi_libkadm5clnt.so.1
/usr/lib/krb5/abi/abi_libkadm5srv.so.1
/usr/lib/krb5/abi/abi_libkdb.so.1
/usr/lib/krb5/abi/abi_libss.so.1
/usr/lib/krb5/abi/sparcv9/abi_libkadm5clnt.so.1
/usr/lib/krb5/libdb2.so.1
/usr/lib/krb5/libdyn.so.1
/usr/lib/krb5/libkadm5clnt.so.1
/usr/lib/krb5/libkadm5srv.so.1
/usr/lib/krb5/libkadmin.so.1
/usr/lib/krb5/libkdb.so.1
/usr/lib/krb5/libss.so.1
/usr/lib/krb5/sparcv9/libkadm5clnt.so.1

Problem Description:

6997583 problem with Kerberos kdc
7059086 problem with Kerberos admin
7061008 problem with Kerberos admin
 
(from 112921-09)
 
6538001 KDC, kadmind stack overflow in krb5_klog_syslog (CVE-2007-0957)
 
(from 112921-08)
 
6215066 kadm apps can not bind to kadmind if admin_server specifies port #
6496178 krb5 mech resends AS-REQ to the same KDC (master) after user enters a bad password
 
(from 112921-07)
 
5110105 addprinc with -randkey, {-/+} <flag> does *not* honor default_principal_flags
 
(from 112921-06)
 
6209960 heap buffer overflow in libkadm5srv
 
(from 112921-05)
 
4837278 Kerberos utilities should include automigrate capability
 
(from 112921-04)
 
4810632 kadmin -c <ccache> destroys the ccache when user quits the kadmin program
 
(from 112921-03)
 
4727188 kadmin core dumps when talking to MIT kadmind
4831653 pam_krb5 password aging causes a long delay if the admin_server is down
 
(from 112921-02)
 
4836676 bounds checks not in place for princs in krbv5
4838735 pam_krb5 not closing kadmin RPC sessions for pwd changes causing fd's to linger
 
(from 112921-01)
 
        This revision accumulates S9U1 feature point patch 112725-02.
 
(from 112725-02)
 
        This revision synchronizes the package version strings between 
        S9 and S9U1.
 
(from 112725-01)
 
4642879 Kerberos Mechanism Re-sync with MIT 1.2.1
4197937 gss_init_sec_context() doesn't set GSS_C_TRANS_FLAG
4220042 "kadmin: add_principal -expire "9/1/1999 7:00am" xhu" doesn't work
 
(from 112922-02)
 
4668699 buffer overflow in dbm_open and dbminit (except the one in libc)
 
(from 112922-01)
 
 
        This revision accumulates S9U1 feature point patch 112728-02.
 
(from 112728-02)
 
        This revision synchronizes the package version strings between 
        S9 and S9U1.
 
(from 112728-01)
 
4642879 Kerberos Mechanism Re-sync with MIT 1.2.1
4197937 gss_init_sec_context() doesn't set GSS_C_TRANS_FLAG
4220042 "kadmin: add_principal -expire "9/1/1999 7:00am" xhu"  doesn't work


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  To get the complete Kerberos feature, please also install the
         following patches:
 
         112923-01 (or greater)  krb5 usr/lib Patch
         112924-01 (or greater)  kinit klist kpasswd patch
         112925-01 (or greater)  kerberos utils & admin patch
 
NOTE 2:  To get the complete fix for BugId 4836676 (bounds checks not in place
         for princs in krbv5), please also install the following patches:
 
         112908-10 (or greater)  krb5 shared object patch
         112923-03 (or greater)  krb5 usr/lib Patch
         112925-03 (or greater)  kerberos utils & admin patch
 
NOTE 3:  To get the complete fix for BugId 4837278 (Kerberos utilities should
         include automigrate capability), please also install the following
         patches:
 
         112908-15 (or greater)  krb5 shared object patch
         112925-04 (or greater)  kerberos utils & admin patch
 
NOTE 4:  To get the complete fix for BugId 5110105 (addprinc with -randkey,
         {-/+} <flag> does *not* honor default_principal_flags), please also
         install the following patch:
 
         112925-06 (or greater)  kerberos utils & admin patch
 
NOTE 5:  To get the complete fix for BugId 6496178 (krb5 mech resends AS-REQ
         to the same KDC (master) after user enters a bad password), please
         also install the following patch:
 
         112908-30 (or greater)  krb5 shared object patch
 
NOTE 6:  To get the complete fix for KDC and kadmind stack/buffer overflows,
         please also install the following patches:
 
         112923-04 (or greater)  krb5 usr/lib Patch
         112925-07 (or greater)  kerberos utils & admin patch
 
NOTE 7:  To get a complete fix for BugId 4668699 (buffer overflow in 
         dbm_open and dbminit (except the one in libc)), please also 
         install the following patches:
 
         113319-08 (or greater)  libnsl.so.1 Patch
         114569-01 (or greater)  libdbm.so.1 Patch
         114571-01 (or greater)  libc.so.*.9 Patch


NOTE: The list of 'patches required with this patch' (above) has been
modified from the list specified at patch creation time. The reason for
the modification is that one or more of the required patches was
either never released or withdrawn after its release. The following
substitutions (which are guaranteed to satisfy the original requirements)
were therefore made:

112908-02 replaces 112908-01
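
The "(or greater)" minimums in the notes above can be checked against a host's installed patch list. The script below is an added example, not part of the Oracle README: it assumes the `Patch: <id>-<rev> Obsoletes: ...` line format printed by `showrev -p`, the function names and sample input are constructed, and it does not follow Obsoletes chains, so a requirement met only through an accumulating patch is reported as MISSING.

```shell
#!/bin/sh
# Added example (not Oracle's tooling): check installed patch revisions against
# the "(or greater)" minimums in this README. Reads `showrev -p` lines on stdin.
AWK=${AWK:-awk}   # on Solaris 9 set AWK=nawk; the old /usr/bin/awk lacks -v

# check_min_revs BASE-MINREV...
# Prints "BASE-MINREV ok|LOW|MISSING installed=REV" per requirement and
# returns 0 only when every requirement is met.
check_min_revs() {
    $AWK -v reqs="$*" '
    BEGIN {
        n = split(reqs, r, " ")
        for (i = 1; i <= n; i++) {
            split(r[i], p, "-")
            order[i] = p[1]; need[p[1]] = p[2] + 0
        }
    }
    # Installed patches appear as "Patch: 112921-10 Obsoletes: ... Requires: ..."
    $1 == "Patch:" {
        split($2, p, "-")
        # Several revisions of one patch may be listed; keep the highest.
        if ((p[1] in need) && (!(p[1] in have) || p[2] + 0 > have[p[1]]))
            have[p[1]] = p[2] + 0
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            b = order[i]
            if (!(b in have)) {
                state = "MISSING"; inst = "none"; bad = 1
            } else {
                inst = sprintf("%02d", have[b])
                state = (have[b] < need[b]) ? "LOW" : "ok"
                if (state == "LOW") bad = 1
            }
            printf "%s-%02d %s installed=%s\n", b, need[b], state, inst
        }
        exit bad
    }'
}

# Constructed sample input (revisions and package name are made up).
SAMPLE_SHOWREV='Patch: 112921-10 Obsoletes: 112725-02, 112728-02, 112922-02 Requires: 112908-02 Incompatibles: Packages: PKGexample
Patch: 112923-03 Obsoletes: Requires: Incompatibles: Packages: PKGexample
Patch: 112908-38 Obsoletes: Requires: Incompatibles: Packages: PKGexample'

# NOTE 6 set (6538001 arrived in 112921-09). Live use: showrev -p | check_min_revs ...
note6_check() {
    printf '%s\n' "$SAMPLE_SHOWREV" | check_min_revs 112921-09 112923-04 112925-07
}
```

On the constructed sample, `note6_check` reports 112923 as LOW and 112925 as MISSING, which is the state in which the overflow fixes from NOTE 6 are only partly applied.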




README -- Last modified date: Friday, November 9, 2012