Patch-ID# 112237-12 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security krb5 authentication fails 32 interfaces buffer overrun Synopsis: SunOS 5.8: mech_krb5.so.1 patch Date: Jul/27/2005 Install Requirements: Reboot after installation Install in Single User Mode Solaris Release: 8 SunOS Release: 5.8 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 112238 Topic: SunOS 5.8: mech_krb5.so.1 patch Relevant Architectures: sparc BugId's fixed with this patch: 4338622 4360141 4423818 4496679 4521000 4526202 4677605 4691352 4807010 4836676 4851952 4882946 5055875 Changes incorporated in this version: 4851952 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 109223-02 (or greater) Obsoleted by: Files included with this patch: /kernel/misc/kgss/gl_kmech_krb5 /kernel/misc/kgss/sparcv9/gl_kmech_krb5 /usr/lib/gss/gl/mech_krb5.so /usr/lib/gss/gl/mech_krb5.so.1 /usr/lib/gss/gl/sparcv9/mech_krb5.so /usr/lib/gss/gl/sparcv9/mech_krb5.so.1 /usr/lib/gss/mech_dh.so.1 /usr/lib/sparcv9/gss/gl/mech_krb5.so /usr/lib/sparcv9/gss/mech_dh.so.1 Problem Description: 4851952 krb5_os_localaddr() doesn't work correctly when multiple interfaces configured (from 112237-11) 4807010 Crash in the gssapi module 5055875 buffer overflow in (undocumented) auth_to_local rules (from 112237-10) 4882946 GSS_C_NO_BUFFER: gss_init_sec_context gives an Error code (from 112237-09) 4836676 Bounds checks not in place for princs in krbv5 (from 112237-08) 4521000 krb5_gss_wrap_size_limit() does not work (from 112237-07) 4423818 krb5 mechanism validating the wrong encryption type field 4691352 Multiple Kerberos vulnerabilities need to be fixed (from 112237-06) 4526202 pam_krb5 auth can fail with multiple ftp sessions of same user (from 112237-05) 4360141 kpasswd needs to be able to interface with MIT (from 112237-04) 4677605 mech_krb5 patches need a dependency on the libgss patch (from 112237-03) 4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM) (from 112237-02) This patch was respun to contain the correct VERSION string in the pkginfo for this patch for U7B6. (from 112237-01) 4496679 krb5 client authentication fails when 32 interfaces Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Reboot the system after patch installation. README -- Last modified date: Wednesday, July 27, 2005