Fix weak random number hole

Obtained from: CERT

1 files changed, 60 insertions, 0 deletions

diff --git a/eBones/README.PATCH b/eBones/README.PATCH
new file mode 100644
index 0000000..33cb15f
--- /dev/null
+++ b/eBones/README.PATCH
@@ -0,0 +1,60 @@
+READ THIS ENTIRE FILE BEFORE PROCEEDING!
+
+This distribution contains a "diff" file suitable for using with the
+"patch" program to update your Kerberos (version 4) source tree. The
+gist of the patch is to replace calls to des_random_key() with calls
+to des_new_random_key().
+
+The primary difference is that des_random_key() uses a seeding
+technique which is predictable and therefore
+vulnerable. des_new_random_key() uses a feedback mechanism based on
+the Data Encryption Standard (DES) and is seeded with a secret (and
+therefore unknown to an attacker) value. This value is the database
+master key, which is a convenient secret value.
+
+This patch assumes that you have the new_rnd_key.c key module (which
+contains the definition and code for des_new_random_key()). It has
+been part of the standard Version 4 distribution since 1992 and is
+used in the admin server (our primary error at MIT was not upgrading
+all of Kerberos to use this newer generator. This patch finishes the
+job).
+
+In addition to the patch file for the Kerberos distribution this
+distribution also contains a program for changing critical system keys
+(namely the "krbtgt" and "changepw.kerberos" keys). When you
+originally built your Kerberos database these keys were chosen at
+random, using the vulnerable version of the kerberos random number
+generator. Therefore it is possible for an attacker to mount an attack
+to guess these values. If an attacker can determine the key for the
+"krbtgt" ticket, they can construct tickets claiming to be any
+kerberos principal. Similarly if an attacker can obtain the
+"changepw.kerberos" key, they can change anyone's password.
+
+The enclosed "fix_kdb_keys.c" (part of the patch file) program, which
+you run on the KDC server, will change these critical keys to new
+values using the newer random number generator. IMPORTANT: When you
+run fix_kdb_keys, all outstanding ticket granting tickets will
+immediately become invalid. This will be disruptive to your user
+community. We recommend that you either do this late at night or early
+in the morning before most users have logged in. Alternatively
+pre-announce a definitive time when you will run the program and
+inform your users that they will have to get new tickets at that time
+(using either "kinit" or simply by logging out and then in again).
+
+NOTE: The only client program modified is "ksrvutil" which is used to
+generate new server keys. All other client/server programs are
+unaffected. End users do *not* need to obtain new versions of programs
+that use Kerberos. This is because most random number generation in
+the Kerberos system is done on the KDC system. By fixing kerberos.c
+you have repaired most of the damage.
+
+To install this patch copy patch_krb to the toplevel of your Kerberos
+source tree. Then type:
+
+patch -p0 <patch_krb
+
+This will install changes to various kerberos modules to upgrade them
+to use des_new_random_key(). It also will install a new program,
+"fix_kdb_keys.c." After the patch is complete type "make world" at the
+toplevel of your Kerberos source tree. This will, among other things,
+build the fix_kdb_keys program.