Disclaimer: 

Please note: Although OBSOLETED patches are available on SunSolve, Sun recommends using the most recent patches and the most recent revision of those patches. OBSOLETED patches do not include the latest bug fixes and/or product enhancements, and may require the installation of additional patches as a corrective measure.

Status: OBSOLETE

Patch Id: 112390-11

***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Summary: Obsoleted by: 112390-12 SunOS 5.8: Supplemental Encryption Kerberos V5: mech_krb5.so.1 patch

Date:  Jul/29/2005


******************************************************
   The items made available through this website
   are subject to United States export laws and
   may be subject to export and import laws of
   other countries. You agree to strictly comply
   with all such laws and obtain licenses to
   export, re-export, or import as may be required.
   Unless expressly authorized by the United States
   Government to do so you will not, directly or
   indirectly, export or re-export the items made
   available through this website, nor direct the
   items therefrom, to any  embargoed or restricted
   country identified in the United States export
   laws, including but not limited to the Export
   Administration Regulations (15 C.F.R. Parts
   730-774).
******************************************************

Installation Requirements:

Reboot after installation, an alternative may be in Special Install Instructions                      
                      Install in Single User Mode

Solaris Release: 8

Sun OS Release: 5.8

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for x86 as patch 112240

Topic: 

SunOS 5.8: Supplemental Encryption Kerberos V5: mech_krb5.so.1 patch

Relevant Architecture: sparc

BugId's fixed with this patch:

4338622 4360141 4423818 4496679 4526202 4677605 4691352 4807010 4836676 4851952 5055875 6261685 6284864

Changes incorporated in this version:

6261685 6284864

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch: 

Required Patches:

109223-02 (or greater)

Obsoleted by:

Files Included in this Patch: 

/kernel/misc/kgss/do_kmech_krb5
/kernel/misc/kgss/sparcv9/do_kmech_krb5
/usr/lib/gss/do/mech_krb5.so
/usr/lib/gss/do/mech_krb5.so.1
/usr/lib/gss/do/sparcv9/mech_krb5.so
/usr/lib/gss/do/sparcv9/mech_krb5.so.1
/usr/lib/sparcv9/gss/do/mech_krb5.so

Problem Description: 

6261685 Security: buffer overflow, heap corruption in KDC
6284864 krb5_recvauth() may free memory twice under certain conditions
 
(from 112390-10)
 
4851952 krb5_os_localaddr() doesn't work correctly when multiple interfaces configured
 
(from 112390-09)
 
4807010 Crash in the gssapi module
5055875 buffer overflow in (undocumented) auth_to_local rules
 
(from 112390-08)
 
4836676 Bounds checks not in place for princs in krbv5
 
(from 112390-07)
 
4423818 krb5 mechanism validating the wrong encryption type field
4691352 Multiple Kerberos vulnerabilities need to be fixed
 
(from 112390-06)
 
4526202 pam_krb5 auth can fail with multiple ftp sessions of same user
 
(from 112390-05)
 
4360141 kpasswd needs to be able to interface with MIT
 
(from 112390-04)
 
4677605 mech_krb5 patches need a dependency on the libgss patch
 
(from 112390-03)
 
4338622 BUFFER OVERRUN VULNERABILITIES IN KERBEROS (SEAM)
 
(from 112390-02)
 
        This patch was respun to contain the correct VERSION
        string in the pkginfo for U7B6.
 
(from 112390-01)
 
4496679 krb5 client authentication fails when 32 interfaces

Revision History: 

112390-08 112390-03 112390-06 112390-09 112390-02 112390-10 112390-05 112390-07

Patch Installation Instructions: 

--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions: 

-----------------------------
Preform patch installation in single user mode.
Reboot the system after patch installation.
 
NOTE 1:  This is a patch for the domestic encryption kit-enhanced installation of
         Kerberos.  If pkginfo -l SUNWpk does not show one of these two package
         as versions, you will need the equivalent vanilla Kerberos patch, 
         available 112237.
 
         PKGINST:  SUNWk5pu    with  VERSION:  11.8.0,REV=1999.12.07.04.22
         PKGINST:  SUNWk5pu.2  with  VERSION:  11.8.0,REV=1999.12.07.04.22
 
NOTE 2:  Install patch 108987-07 (or newer) to correct several
         patch installation problems.
 
         108987-07 (or greater)  patch for patchadd and patchrm

README -- Last modified date:  Thursday, November 10, 2005