From owner-doc-jp@jp.freebsd.org  Sat May 27 22:38:56 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id WAA22054;
	Sat, 27 May 2000 22:38:56 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id WAA22049
	for <doc-jp@jp.freebsd.org>; Sat, 27 May 2000 22:38:56 +0900 (JST)
	(envelope-from hrs@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id WAA14895 for <doc-jp@jp.freebsd.org>; Sat, 27 May 2000 22:38:56 +0900 (JST)
Received: from mail.hrs.jp (sutnmax2-ppp29.ed.noda.sut.ac.jp [133.31.173.99]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with ESMTP id WAA23213 for <doc-jp@jp.freebsd.org>; Sat, 27 May 2000 22:38:54 +0900 (JST)
Message-Id: <200005271338.WAA23213@mail.geocities.co.jp>
Received: from localhost (alph.hrs.jp [192.168.0.10])
	by mail.hrs.jp (8.9.3/3.7W/DomainMaster) with ESMTP id WAA36597
	for <doc-jp@jp.freebsd.org>; Sat, 27 May 2000 22:32:46 +0900 (JST)
	(envelope-from hrs@hrs.jp)
To: doc-jp@jp.freebsd.org
In-Reply-To: <200005270414.NAA10586@iris.dti.ne.jp>
References: <20000526174039.514AE37BF77@hub.freebsd.org>
	<200005270414.NAA10586@iris.dti.ne.jp>
X-Mailer: Mew version 1.94 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Sat, 27 May 2000 22:32:43 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 118
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7417
Subject: [doc-jp 7417] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:20.krb5
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

dais@iris.dti.ne.jp (Daisuke Higashi) wrote
 in <200005270414.NAA10586@iris.dti.ne.jp>:

> I.   $BGX7J(B - Background
> 
> MIT Kerberos 5 is an implementation of the Kerberos 5 protocol which
> is available in the FreeBSD ports collection as the security/krb5
> port. FreeBSD also includes separately-developed Kerberos 4 and 5
> implementations from KTH, which are optionally installed as part of
> the base system (KTH Heimdal, the Kerberos 5 implementation, is
> currently considered "experimental" software).
> 
> MIT Kerberos 5 $B$O(B security/krb5 $B$H$7$F(B FreeBSD $B$N(B ports
> $B%3%l%/%7%g%s$+$iMxMQ$G$-$k(B Kerberos 5 $B%W%m%H%3%k$N<BAu$G$9!#(B
> FreeBSD $B$O$^$?!"JL$K3+H/$5$l$?(B KTH $B$K$h$k(B Kerberos 4 $B$*$h$S(B 5 $B$N(B
> $B<BAu$r4^$s$G$*$j!"%Y!<%9%7%9%F%`(B (base system) $B$N0lItJ,$H$7$F(B
> $BG$0U$K%$%s%9%H!<%k$5$l$^$9!#(B(Kerberos 5 $B$N<BAu$G$"$k(B KTH Heimdal $B$O!"(B
> $B8=:_!V<B83E*$J(B(experimental)$B!W%=%U%H%&%'%"$H9M$($i$l$F$$$^$9!#(B)

 optionally $B$r$=$N$^$^$K$7$?DxEY!#(B

 |MIT Kerberos 5 $B$O(B Kerberos 5 $B%W%m%H%3%k$N<BAu$G$9(B.
 |$B$3$l$O(B security/krb5 $B$H$7$F(B FreeBSD $B$N(B ports $B%3%l%/%7%g%s$+$iMxMQ$G$-$^$9(B. 
 |$B$^$?(B FreeBSD $B$O(B, $B$3$l$H$OJL$K3+H/$5$l$?(B KTH $B$K$h$k(B Kerberos 4 $B$*$h$S(B 5 $B$N(B
 |$B<BAu$r4^$s$G$*$j(B, $B%Y!<%9%7%9%F%`(B (base system) $B$N0lItJ,$H$7$F(B,
 |$B%*%W%7%g%s$G%$%s%9%H!<%k$5$l$^$9(B. (Kerberos 5 $B$N<BAu$G$"$k(B
 |KTH Heimdal $B$O!"8=:_!V<B83E*$J(B(experimental)$B!W%=%U%H%&%'%"$H9M$($i$l$F$$$^$9(B.)

> II.  $BLdBj$N>\:Y(B - Problem Description
> 
> The MIT Kerberos 5 port, versions 1.1.1 and earlier, contains several
> remote and local buffer overflows which can lead to root compromise.
> 
> Note that the implementations of Kerberos shipped in the FreeBSD base
> system are separately-developed software to MIT Kerberos and are
> believed not to be vulnerable to these problems.
> 
> MIT Kerberos 5 $B$N(B port $B$O!"(B1.1.1 $B$*$h$S$=$l0JA0$N%P!<%8%g%s(B
> $B$K$D$$$F!"%k!<%H8"8B$NC%<h$K$D$J$,$k%j%b!<%H$*$h$S%m!<%+%k$N(B
> $B$$$/$D$+$N%P%C%U%!%*!<%P%U%m!<$N2DG=@-$,$"$j$^$9!#(B
> 
> FreeBSD $B$N(B $B%Y!<%9(B (base) $B%7%9%F%`$H$H$b$K=P2Y$5$l$F$$$k(B
> Kerberos $B$N<BAu$O(B MIT Kerberos $B$H$OJL$K3+H/$5$l$F$$$k$b$N$G!"(B
> $B$3$l$i$NLdBj$KBP$7$F@H<e$G$O$J$$$H9M$($i$l$F$$$^$9!#(B

 $BBh0lJ8$N9=@.$H(B $B%k!<%H(B $B"*(B root $B$NJQ99$,<g$G$9!#(B

 |1.1.1 $B$*$h$S$=$l0JA0$N%P!<%8%g%s$N(B MIT Kerberos 5 $B$N(B port $B$K$O(B,
 |$B%j%b!<%H$*$h$S%m!<%+%k$+$i0-MQ2DG=$J(B, $B$$$/$D$+$N(B
 |$B%P%C%U%!%*!<%P%U%m!<LdBj$,B8:_$9$k$?$a(B, root $B8"8B$,C%$o$l$k(B
 |$B4m81@-$,$"$j$^$9(B.
 |
 |$B$?$@$7(B, FreeBSD $B$N(B $B%Y!<%9(B (base) $B%7%9%F%`$H$H$b$K=P2Y$5$l$F$$$k(B
 |Kerberos $B$N<BAu$O(B MIT Kerberos $B$H$OJL$K3+H/$5$l$F$$$k$b$N$G!"(B
 |$B$3$l$i$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$OB8:_$7$J$$$H9M$($i$l$F$$$^$9!#(B

> However, a very old release of FreeBSD dating from 1997 (FreeBSD
> 2.2.5) did ship with a closely MIT-derived Kerberos implementation
> ("eBones") and may be vulnerable to attacks of the kind described
> here. Any users still using FreeBSD 2.2.5 and who have installed the
> optional Kerberos distribution are urged to upgrade to 2.2.8-STABLE or
> later. Note however that FreeBSD 2.x is no longer an officially
> supported version, nor are security fixes always provided.
> 
> $B$7$+$7$J$,$i!"(B1997 $BG/0J9_$N!"Hs>o$K8E$$(B FreeBSD $B$N%j%j!<%9(B
> (FreeBSD 2.2.5) $B$O!"(BMIT $BM3Mh$N(B Kerberos $B$K6a$$<BAu$H$H$b$K(B
> $B=P2Y$5$l$F$*$j!"$*$=$i$/$3$3$K=q$+$l$F$$$kF1<o$N967b$KBP$7$F(B
> $B@H<e$G$7$g$&!#(BFreeBSD 2.2.5 $B$r$$$^$@$K;HMQ$7!"%*%W%7%g%s$N(B
> Kerberos $B$NG[I[$r%$%s%9%H!<%k$7$F$$$k%f!<%6$O!"(B2.2.8-STABLE $B$"$k$$$O(B
> $B$=$l0J9_$N$b$N$K%"%C%W%0%l!<%I$9$k$3$H$,4+$a$i$l$^$9!#(B
> $B$7$+$7!"(BFreeBSD 2.x $B$O!"$b$O$d8x<0$K$O%5%]!<%H$5$l$J$$%P!<%8%g%s$G!"(B
> $B%;%-%e%j%F%#$K4X$9$k=$@5$bDs6!$5$l$J$$$3$H$KCm0U$7$F$/$@$5$$!#(B

 be urged $B$"$?$j$NI=8=$rJQ$($F$$$^$9!#(B

 |$B$7$+$7(B, 1997 $BG/0J9_$N!"Hs>o$K8E$$(B FreeBSD $B$N%j%j!<%9(B
 |(FreeBSD 2.2.5) $B$O(B, MIT $BM3Mh$N(B Kerberos $B$K6a$$<BAu$H$H$b$K(B
 |$B=P2Y$5$l$F$*$j!"$*$=$i$/$3$3$K=q$+$l$F$$$kF1<o$N967b$KBP$9$k(B
 |$B%;%-%e%j%F%#>e$N<eE@$,B8:_$9$k$H;W$o$l$^$9(B.  $B8=:_$b$J$*(B FreeBSD 2.2.5 $B$r(B
 |$B;HMQ$7!"%*%W%7%g%s$N(B Kerberos $B$NG[I[$r%$%s%9%H!<%k$7$F$$$k%f!<%6$O!"(B2.2.8-STABLE $B$"$k$$$O(B
 |$B$=$l0J9_$N$b$N$K%"%C%W%0%l!<%I$9$k$3$H$r6/$/$*$9$9$a$7$^$9(B.
 |$B$?$@$7(B, FreeBSD 2.x $B$O!"$9$G$K8x<0$K$O%5%]!<%H$5$l$F$$$J$$%P!<%8%g%s$G$9(B.
 |$B%;%-%e%j%F%#$K4X$9$k=$@5$bDs6!$5$l$J$$$3$H$KCm0U$7$F$/$@$5$$!#(B

> IV.  $BBP1~:v(B - Workaround
> 
> Due to the nature of the vulnerability there are several programs and
> network services which are affected. If recompiling the port is not
> practical, please see the MIT Kerberos advisory for suggested
> workarounds (including the disabling or adjustment of services and
> removal of setuid permissions on vulnerable binaries). The advisory
> can be found at the following location:
> 
> http://web.mit.edu/kerberos/www/advisories/krb4buf.txt
> 
> $B$3$N@H<e@-$N@-<A$N$?$a!"$$$/$D$+$N%W%m%0%i%`$d(B
> $B%M%C%H%o!<%/%5!<%S%9$,1F6A$r<u$1$^$9!#(Bports $B$r:F%3%s%Q%$%k(B
> $B$9$k$3$H$,8=<BE*$G$J$1$l$P!"Ds0F$5$l$F$$$kBP1~:v(B
> ($B%5!<%S%9$NDd;_!&=$@5$*$h$S!"LdBj$N$"$k%P%$%J%j$N(B setuid $B%Q!<%_%C%7%g%s$N(B
> $B=|5n$r4^$s$G$$$^$9(B)$B$K4X$9$k(B MIT Kerberos $B$N9pCN$r;2>H$7$F$/$@$5$$!#(B
> $B9pCN$O<!$N>l=j$GF@$i$l$^$9!#(B

 be not practical $B$"$?$j$NI=8=$rJQ$($F$$$^$9!#(B

 |$B$3$N@H<e@-$N@-<A$N$?$a!"$$$/$D$+$N%W%m%0%i%`$d(B
 |$B%M%C%H%o!<%/%5!<%S%9$,1F6A$r<u$1$^$9!#(Bport $B$N:F9=C[$,:$Fq$G$"$l$P(B,
 |$BDs0F$5$l$F$$$kBP1~:v(B
 |($B%5!<%S%9$NDd;_!&=$@5$*$h$S!"LdBj$N$"$k%P%$%J%j$N(B setuid $B%Q!<%_%C%7%g%s$N(B
 |$B=|5n$r4^$s$G$$$^$9(B)$B$K4X$9$k(B MIT Kerberos $B$N4+9p$r;2>H$7$F$/$@$5$$!#(B
 |$B$=$N4+9p$,$"$k>l=j$O(B, $B<!$N$H$*$j$G$9(B.

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@geocities.co.jp>
|
|                                  j7397067@ed.noda.sut.ac.jp(univ)
|                        hrs@jp.FreeBSD.org(FreeBSD doc-jp Project)
