OBSOLETE Patch-ID# 120469-07
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
Keywords: security heap corruption kdc buffer overflow krb5_recvauth
Synopsis: Obsoleted by: 120473-09 SunOS 5.10: kerberos patch
Date: Apr/10/2007
Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.
Solaris Release: 10
SunOS Release: 5.10
Unbundled Product:
Unbundled Release:
Xref: This patch available for X86 as patch 120470
Topic: SunOS 5.10: kerberos patch
Relevant Architectures: sparc
Bugs fixed with this patch:
Changes incorporated in this version: 6496178
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by: 120473-09
Files included with this patch:
/usr/lib/gss/mech_krb5.so.1
/usr/lib/krb5/krb5kdc
/usr/lib/sparcv9/gss/mech_krb5.so.1
Problem Description:
6496178 krb5 mech resends AS-REQ to the same KDC (master) after user enters a bad password
(from 120469-06)
6353492 Regression of 4786126: Kerberos Delegation Credentials not working on S10 and Nevada
(from 120469-05)
6320871 kinit fails if default_tkt_enctypes = des-cbc-crc but princ has des-cbc-md5 and preauth required
(from 120469-04)
6247126 krb5_verify_init_creds returns ERR if def keytab is missing, even though verify_ap_req_nofail=false
(from 120469-03)
6203833 GSSAPI needs method to acquire initial creds with a password
6208638 krb5_gss_release_cred() can leak
(from 120469-02)
6284864 krb5_recvauth() may free memory twice under certain conditions
(from 120469-01)
6261685 Security: buffer overflow, heap corruption in KDC
Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:
example# patchadd /var/spool/patch/104945-02
The following example removes a patch from a standalone system:
example# patchrm 104945-02
For additional examples please see the appropriate man pages.
Special Install Instructions:
----------------------------
NOTE 1: Install the patch at single user mode. Reboot system after
patch installation is complete.
NOTE 2: If you're planning to set up Zones on this system, please make
sure to install the following patch which fixes bugid 6216195
(zone installation confused by UPDATE=yes in pkginfo(4) file.)
119254-06 (or greater) Install and Patch Utilities Patch
NOTE 3: To get the complete fix of bug 6203833 "GSSAPI needs method to
acquire initial creds with a password" please install the following
patch:
121239-01 (or greater) libgss patch
README -- Last modified date: Saturday, November 10, 2012