Date: Tue, 20 Feb 1996 18:58:01 -0500 From: Theodore Ts'o <tytso@MIT.EDU> To: kerberos@MIT.EDU -----BEGIN PGP SIGNED MESSAGE----- In the past few weeks, we have been aware of a significant vulnerability in the Kerberos V4 implementation as provided by MIT. This vulernability was noted by members of the COAST Laboratory at Purdue, and has been independently discovered by a number of different people since rumors about a "significant security vulnerability in Kerberos" has been swirling around for the past month or so. This message announces the availability of fixes for this problem. The nature of the problem has already been mentioned on the Kerberos list; to make a long story short, although the Kerberos V4 distribution does contain a strong random number generator, the changes to actually use it had somehow never gotten integrated into the Kerberos V4 sources. The Kerberos V5 protocol and implementation is *not* affected by this vulnerability, since it is using a DES-based random number generator. (Attackers who have the ability to crack a DES-based random number generator can more simply just crack a DES key for some critical Kerberos service, like the ticket-granting-ticket key. In the long run, we will need to move the a stronger cryptographic algorithm, such as triple-DES, and we are currently at work to support triple-DES within the MIT implementation of Kerberos V5.) However, those sites which are using the Kerberos V4 compatibility feature in the Kerberos V5 distribution should apply a patch to fix a similar problem in the Kerberos V4 compatibility code. This patch is not necessary if your site does not have this backwards-compatibility feature enabled. If you are using a version of Kerberos V4 which was provided to you by a vendor, please contact your vendor for assistance. MIT, in cooperation with the CERT, has been in contact with those vendors which we know supply Kerberos V4 to their customers. - Ted - ------------------------------------------------------------------- Instructions to pick up the the Kerberos V4 patch: Use Anonymous FTP to athena-dist.mit.edu. Change directory to /pub/kerberos, fetch and read "README.KRB4" found in that directory. It will provide the name of the distribution directory (which is otherwise hidden and cannot be found by listing its parent directory). Change directory to the hidden distribution directory. There you will find the original Kerberos distribution plus a new file named "random_patch.tar.Z" (and random_patch.tar.gz for those with "gzip"). This tar file contains two files, the patch itself and a README.PATCH file. Read this file carefully before proceeding. The distribution hidden directory also contains a file "random_patch.md5" which is a PGP clearsigned file containing the MD5 checksums of random_patch.tar.Z and random_patch.tar.gz. The PGP file is signed by Jeff Schiller (PGP keyid 0x0DBF906D, PGP Key fignerprint: DD DC 88 AA 92 DC DD D5 BA 0A 6B 59 C1 65 AD 01). - ------------------------------------------------------------------- Instructions to pick up the the Kerberos V5 patch: (only necessary if you are using the Kerberos V4 comaptibility feature) Use Anonymous FTP to athena-dist.mit.edu. Change directory to /pub/kerberos, fetch and read "README.KRB5_BETA5" found in that directory. It will provide the name of the distribution directory (which is otherwise hidden and cannot be found by listing its parent directory). Change directory to the hidden distribution directory. There you will find the Kerberos V5 Beta 5 distribution, plus a new file named krb5-krb4-random-patch. This is a text file containing the patch, plus a description of how to apply it to your Kerberos V5 distribution. Note that although it is found in the Beta 5 distribution directory, it should also work when applied against Beta 4 sources. Read the text file very carefully before proceeding. The distribution hidden directory also contains a file "krb5-krb4-random-patch.sig" which is a PGP detached signature of the patch file. The PGP signature is signed by myself, Theodore Ts'o, using PGP keyid 0x466B4289. (PGP Key fingerprint: 9C 05 66 49 DF 83 7E EF D8 AC 75 42 A2 33 4B 91). The MD5 checksum of the file krb5-krb4-random-patch is: b4740cb4b3e2256ee39bf72e5676c7f7. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.2, an Emacs/PGP interface iQCVAwUBMSpf4UQVcM1Ga0KJAQHUwgQAyZuDqrOgyzQZfSCHj1lKWHI7IFu9UgDt 8nAknf5iWfu6QWGWHF9MYye1h4vtJ7DU+s2/Kfk2OnXc5gOlSWu5WKz9GHL88HxK /Y6cS2r56hpVWLLiI5Jv+0RsA2RpfGuUf79VS2TI/twBmFBtAYgV/r7PeV8R6gnz NKSO7QbfoHk= =f9MS -----END PGP SIGNATURE-----