blob: 33cb15f09b1b1695fc0eac4385e614984d1ebd61 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
READ THIS ENTIRE FILE BEFORE PROCEEDING!
This distribution contains a "diff" file suitable for using with the
"patch" program to update your Kerberos (version 4) source tree. The
gist of the patch is to replace calls to des_random_key() with calls
to des_new_random_key().
The primary difference is that des_random_key() uses a seeding
technique which is predictable and therefore
vulnerable. des_new_random_key() uses a feedback mechanism based on
the Data Encryption Standard (DES) and is seeded with a secret (and
therefore unknown to an attacker) value. This value is the database
master key, which is a convenient secret value.
This patch assumes that you have the new_rnd_key.c key module (which
contains the definition and code for des_new_random_key()). It has
been part of the standard Version 4 distribution since 1992 and is
used in the admin server (our primary error at MIT was not upgrading
all of Kerberos to use this newer generator. This patch finishes the
job).
In addition to the patch file for the Kerberos distribution this
distribution also contains a program for changing critical system keys
(namely the "krbtgt" and "changepw.kerberos" keys). When you
originally built your Kerberos database these keys were chosen at
random, using the vulnerable version of the kerberos random number
generator. Therefore it is possible for an attacker to mount an attack
to guess these values. If an attacker can determine the key for the
"krbtgt" ticket, they can construct tickets claiming to be any
kerberos principal. Similarly if an attacker can obtain the
"changepw.kerberos" key, they can change anyone's password.
The enclosed "fix_kdb_keys.c" (part of the patch file) program, which
you run on the KDC server, will change these critical keys to new
values using the newer random number generator. IMPORTANT: When you
run fix_kdb_keys, all outstanding ticket granting tickets will
immediately become invalid. This will be disruptive to your user
community. We recommend that you either do this late at night or early
in the morning before most users have logged in. Alternatively
pre-announce a definitive time when you will run the program and
inform your users that they will have to get new tickets at that time
(using either "kinit" or simply by logging out and then in again).
NOTE: The only client program modified is "ksrvutil" which is used to
generate new server keys. All other client/server programs are
unaffected. End users do *not* need to obtain new versions of programs
that use Kerberos. This is because most random number generation in
the Kerberos system is done on the KDC system. By fixing kerberos.c
you have repaired most of the damage.
To install this patch copy patch_krb to the toplevel of your Kerberos
source tree. Then type:
patch -p0 <patch_krb
This will install changes to various kerberos modules to upgrade them
to use des_new_random_key(). It also will install a new program,
"fix_kdb_keys.c." After the patch is complete type "make world" at the
toplevel of your Kerberos source tree. This will, among other things,
build the fix_kdb_keys program.
|
