CERT(sm) Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

CERT(sm) Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

Post by Steve Lod » Thu, 22 Feb 1996 04:00:00

CERT(sm) Advisory CA-96.03
February 21, 1996

Topic: Vulnerability in Kerberos 4 Key Server

The CERT Coordination Center has received reports of a vulnerability in the
Kerberos Version 4 server. On unpatched Kerberos 4 systems, under certain
circumstances, intruders can masquerade as authorized Kerberos users and gain
access to services and resources not intended for their use. The CERT team
recommends that you apply one of the solutions given in Section III.

The Kerberos Version 5 server running in Version 4 compatibility mode is also
vulnerable under certain circumstances. The Massachusetts Institute of
Technology (MIT) is working on the patches for that version.

As we receive additional information relating to this advisory, we will place
it in:


We encourage you to check our README files regularly for updates on
advisories that relate to your site.


I.   Description

     The Kerberos Version 4 server is using a weak random number generator
     to produce session keys. On a computer of average speed, the session key
     for a ticket can be broken in a maximum of 2-4 minutes, and sometimes in
     much less time. This means that usable session keys can be manufactured
     without a user first being authorized by Kerberos.

II.  Impact

     Under certain circumstances, intruders can masquerade as authorized
     Kerberos users and gain access to services and resources not intended for
     their use.

III. Solution

     If you are running Kerberos Version 4 and have built Kerberos from a
     source distribution, use solution A. If you have obtained Kerberos 4
     binaries from a vendor, use solution B. If you are now using Kerberos
     Version 5, be aware that MIT is working on patches for that version.
     Notice will be made when the patches are available.

     A. Solution for Source Distributions

        If you have built Kerberos Version 4 from source, follow these
        instructions to retrieve the fixes necessary to correct this problem:

          Use anonymous FTP to athena-dist.mit.edu. Change directory to
          /pub/kerberos, fetch and read "README.KRB4" found in that
          directory. It will provide the name of the distribution directory
          (which is otherwise hidden and cannot be found by listing its
          parent directory). Change directory to the hidden distribution
          directory. There you will find the original Kerberos distribution
          plus a new file named "random_patch.tar.Z" (and random_patch.tar.gz
          for those with "gzip"). This tar file contains two files, the patch
          itself and a README.PATCH file. Read this file carefully before

          The distribution hidden directory also contains a file
          "random_patch.md5" which is a PGP clear-signed file containing the
          MD5 checksums of random_patch.tar.Z and random_patch.tar.gz.

          using PGP keyid 0x0DBF906D. The fingerprint is

                DD DC 88 AA 92 DC DD D5  BA 0A 6B 59 C1 65 AD 01

          The MD5 checksums for these files are

                MD5 (random_patch.md5) = 9b9e3faac75f235cf967f595226192aa
                MD5 (random_patch.tar.Z) = 265e43ad0a055e610a0ba601141a47d4
                MD5 (random_patch.tar.gz) = 9b0d209f74c89b8395b156299fe7df79

   These files are also available from


          The checksums are the same as above.

     B. Solution for Binary Distributions

        Contact your vendor.
        Some vendors who provide Kerberos are sending the CERT Coordination
        Center information about their patches. Thus far, we have received
        information from one vendor and placed it in the appendix of this
        advisory. We will put all vendor information in the CA-96.03.README
        file, updating that file as we hear from vendors.

The CERT Coordination Center thanks Jeffrey Schiller and Theodore Ts'o of
Massachusetts Institute of Technology for their effort in responding to this
problem, and thanks Gene Spafford of COAST for the initial information about
the problem.

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident
Response and Security Teams (FIRST).

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact the
CERT staff for more information.

Location of CERT PGP key

CERT Contact Information

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890

To be added to our mailing list for CERT advisories and bulletins, send your
email address to

CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from

CERT advisories and bulletins are also posted on the USENET newsgroup

Copyright 1996 Carnegie Mellon University
This material may be reproduced and distributed without permission provided it
is used for noncommercial purposes and the copyright statement is included.

CERT is a service mark of Carnegie Mellon University.

Appendix A: Vendor Information

Current as of February 21, 1996
See CA-96.03.README for updated information.

Below is information we have received from vendors concerning the
vulnerability described in this advisory. If you do not see your vendor's
name, please contact the vendor directly for information.

The Santa Cruz Operation, Inc.
The Kerberos 4 problem does not affect SCO.

SCO OpenServer, SCO Open Desktop, SCO UnixWare, SCO Unix, and SCO Xenix
do not support Kerberos.

The SCO Security Server, an add-on product for SCO OpenServer 3 and SCO
OpenServer 5, supports Kerberos V5 authentication. This product cannot be
configured to be Kerberos V4 compatible; therefore, it is not vulnerable.

Steve Lodin