From ghudson@MIT.EDU Mon Nov 17 15:47:21 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU []) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA19853 for <bugs@RT-11.MIT.EDU>; Mon, 17 Nov 1997 15:47:21 -0500
Received: from SMALL-GODS.MIT.EDU by MIT.EDU with SMTP
id AA00393; Mon, 17 Nov 97 15:47:20 EST
Received: by small-gods.MIT.EDU (SMI-8.6/4.7) id PAA20812; Mon, 17 Nov 1997 15:47:18 -0500
Message-Id: <199711172047.PAA20812@small-gods.MIT.EDU>
Date: Mon, 17 Nov 1997 15:47:18 -0500
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: for 1.0.3: kshd checksums
X-Send-Pr-Version: 3.99

>Number: 500
>Category: krb5-appl
>Synopsis: for 1.0.3: kshd checksums
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: tlyu
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Nov 17 15:48:01 EST 1997
>Last-Modified: Mon Nov 17 21:56:51 EST 1997
>Originator: Greg Hudson
>Release: 1.0

System: SunOS small-gods 5.5.1 Generic_103640-12 sun4m sparc SUNW,SPARCstation-5
Architecture: sun4

The logic surrounding krb5_checksum_required and
krb5_checksum_ignored has changed several times, but it wound up
broken. According to Sam, the default behavior is supposed to be:

If an authenticator has a checksum, it is checked.

This way, if you always use checksums in your rsh requests, you're
okay, and if you have an old client, you're vulnerable to replay
attacks but you can still use kshd. Unfortunately, the default
behavior actually is:

Checksums are never checked.

So unless you give kshd the -c option, you are vulnerable to replay
attacks even if clients are using perfectly good, checksummed

None provided. Someone should look at the code *carefully*, and make
it do the right thing; this problem arose because people made careless
changes to security-critical logic.

Responsible-Changed-From-To: krb5-unassigned->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Mon Nov 17 21:21:40 1997

State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Mon Nov 17 21:21:49 1997

src/appl/bsd/krshd.c 5.71

We might want to pull this into 1.0.3.

State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Mon Nov 17 21:56:27 1997

Checked in on release branch
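
The three behaviours named in the report, modelled side by side as an added example (not code from krshd.c or from this ticket). The enum, struct, function names and toy checksum are hypothetical. Two things are assumed: that `-c` means "checksum required", and that the checksum covers the request.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model, not krshd.c: names, struct layout and the toy
 * checksum are assumptions made for this example. */
enum policy {
    POLICY_NEVER_CHECK,      /* what the report says the default actually does */
    POLICY_CHECK_IF_PRESENT, /* what the report says the default should do */
    POLICY_REQUIRED          /* assumed meaning of the -c option */
};

struct authenticator {
    int has_checksum;   /* old clients send none */
    uint32_t checksum;  /* value the client computed over its request */
};

/* Toy stand-in (FNV-1a) for the real checksum; NOT cryptographic. */
static uint32_t toy_checksum(const char *data)
{
    uint32_t h = 2166136261u;
    size_t n = strlen(data);
    for (size_t i = 0; i < n; i++) {
        h ^= (unsigned char)data[i];
        h *= 16777619u;
    }
    return h;
}

/* Returns 1 if the server accepts the request, 0 if it rejects it. */
int accept_request(enum policy p, const struct authenticator *a,
                   const char *request)
{
    if (p == POLICY_NEVER_CHECK)
        return 1;                     /* checksum is never examined */
    if (!a->has_checksum)
        return p != POLICY_REQUIRED;  /* old client: allowed unless required */
    return a->checksum == toy_checksum(request);
}

/* Constructed sample: an authenticator built for one request is
 * presented together with a different request. */
int mismatch_accepted(enum policy p)
{
    struct authenticator a = { 1, toy_checksum("constructed request A") };
    return accept_request(p, &a, "constructed request B");
}
```

Only the never-check policy accepts the mismatched pair, and only the required policy turns away a client that sends no checksum.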
