Disclaimer: 

Please note: Although OBSOLETED patches are available on SunSolve, Sun recommends using the most recent patches and the most recent revision of those patches. OBSOLETED patches do not include the latest bug fixes and/or product enhancements, and may require the installation of additional patches as a corrective measure.

Status: OBSOLETE

Patch Id: 112925-07

***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Summary: Obsoleted by: 112925-08 SunOS 5.9: ktutil kdb5_util kadmin kadmin.local kadmind Patch

Date:  Aug/10/2007

Installation Requirements:

Reboot after installation, an alternative may be in Special Install Instructions

Solaris Release: 9

Sun OS Release: 5.9

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for SPARC as patch 116044

Topic: 

SunOS 5.9: ktutil kdb5_util kadmin kadmin.local kadmind Patch

Relevant Architecture: sparc

BugId's fixed with this patch:

4197937 4220042 4642879 4646370 4836676 4837278 4955217 5110105 6538001 6562672

Changes incorporated in this version:

6538001 6562672

Patches accumulated and obsoleted by this patch:

112731-02

Patches which conflict with this patch: 

Required Patches:

112908-01 (or greater)

Obsoleted by:

Files Included in this Patch: 

/usr/bin/ktutil
/usr/lib/krb5/kadmind
/usr/sbin/kadmin
/usr/sbin/kadmin.local
/usr/sbin/kdb5_util

Problem Description: 

6538001 KDC, kadmind stack overflow in krb5_klog_syslog (CVE-2007-0957)
6562672 kadmind vulnerable to buffer overflow [ MITKRB5-SA-2007-005 ]
 
(from 112925-06)
 
5110105 addprinc with -randkey, {-/+} <flag> does *not* honor default_principal_flags
 
(from 112925-05)
 
4955217 kadmind grows to use a large amount of memory and eventually runs out of swap
 
(from 112925-04)
 
4837278 Kerberos utilities should include automigrate capability
 
(from 112925-03)
 
4836676 Bounds checks not in place for princs in krbv5
 
(from 112925-02)
 
4646370 kadmin listprincs needs paging for accessibility
 
(from 112925-01)
 
        This patch revision accumulates and obsoletes Solaris Update s9u1
        feature point patch 112731-02.
 
(from 112731-02)
 
        This patch revision synchronizes the package version strings
        between s9 and s9u1
 
(from 112731-01)
 
4642879 Kerberos Mechanism Re-sync with MIT 1.2.1
4197937 gss_init_sec_context() doesn't set GSS_C_TRANS_FLAG
4220042 "kadmin: add_principal -expire "9/1/1999 7:00am" xhu"  doesn't work

Revision History: 

112925-04 112925-06 112925-02 112925-01 112925-05 112925-03

Patch Installation Instructions: 

--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions: 

-----------------------------
 
NOTE 1:  To get the complete Kerberos feature, please also install the
         following patches:
 
         112907-01 (or greater)  libgss patch
         112908-01 (or greater)  krb5 shared object patch
         112921-01 (or greater)  libkadm5 patch
         112922-01 (or greater)  krb5 lib patch
         112923-01 (or greater)  krb5 usr/lib patch
         112924-01 (or greater)  kinit klist kpasswd patch
 
NOTE 2:  To get the complete fix of bug 4836676 (Bounds checks not in 
         place for princs in krbv5), please also install the following 
         patches:
 
         112921-02 (or greater)  libkadm5 patch 
         112923-03 (or greater)  krb5 usr/lib patch 
         112908-10 (or greater)  krb5 shared object patch
 
NOTE 3:  To get the complete fix for bugID 4937278, please also install the
         following patches:
 
         112908-15 (or greater)  krb5 shared object patch
         112921-05 (or greater)  libkadm5 patch
 
NOTE 4:  To get the complete fix for bugID 5110105 (addprinc with -randkey, 
         {-/+} <flag> does *not* honor default_principal_flags), please also 
	 install the following patch:
 
         112921-07 (or greater)  libkadm5 patch
 
NOTE 5:  To get the complete fix for KDC, kadmind stack overflow and buffer
         overflow, please install the following patches:
 
         112921-09 (or greater)  libkadm5 patch
         112923-04 (or greater)  krb5 usr/lib patch

README -- Last modified date:  Thursday, November 8, 2007