Patch-ID# 116044-04


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security kdb5_util krbv5
Synopsis: SunOS 5.9_x86: kadmind & kdb5_util patch
Date: Aug/10/2007


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 9_x86

SunOS Release: 5.9_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 112925

Topic: SunOS 5.9_x86: kadmind & kdb5_util patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
483667615152065
483727815152280
495521715185707
653800115386063
656267215400055


Changes incorporated in this version: 6538001 6562672

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/lib/krb5/kadmind
/usr/sbin/kdb5_util

Problem Description:

6538001 KDC, kadmind stack overflow in krb5_klog_syslog (CVE-2007-0957)
6562672 kadmind vulnerable to buffer overflow [ MITKRB5-SA-2007-005 ]
 
(from 116044-03)
 
4955217 kadmind grows to use a large amount of memory and eventually runs out of swap
 
(from 116044-02)
 
4837278 Kerberos utilities should include automigrate capability
 
(from 116044-01)
 
4836676 Bounds checks not in place for princs in krbv5


Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
NOTE 1:  To get the complete fix for bugID 4836676, "Bounds checks not in place
         for princs in krbv5," please also install the following patches:
 
         116044-01 (or greater)  kadmind & kdb5_util patch (this patch)
         116045-01 (or greater)  krb5 krb5kdc patch
         116046-02 (or greater)  krb5 libkadm5srv.so.1 patch
         113990-04 (or greater)  mech_krb5.so.1 gl_kmech_krb5 patch
         115168-02 (or greater)  pam_krb5.so.1 patch
 
NOTE 2:  To get the complete fix for bugID 4837278 (Kerberos utilities should 
         include automigrate capability), please also install the following 
         patches:
 
         115168-05 (or greater)  pam_krb5.so.1 patch
         116046-04 (or greater)  krb5 libkadm5srv.so.1 patch
 
NOTE 3:  To get the complete fix for KDC and kadmind stack overflow and 
         kadmind buffer overflow, please also install the following patches:
 
         116045-02 (or greater)  krb5 krb5kdc patch
         116046-09 (or greater)  krb5 libkadm5srv.so.1 patch
         116175-05 (or greater)  libkadm5 library patch


README -- Last modified date: Saturday, November 10, 2012