Disclaimer: 

Please note: Although OBSOLETED patches are available on SunSolve, Sun recommends using the most recent patches and the most recent revision of those patches. OBSOLETED patches do not include the latest bug fixes and/or product enhancements, and may require the installation of additional patches as a corrective measure.

Status: OBSOLETE

Patch Id: 115168-08

***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Summary: Obsoleted by: 115168-10 SunOS 5.9_x86: usr/lib/security/pam_krb5.so.1 patch

Date:  Jul/29/2005

Installation Requirements:

Reboot immediately after patch is installed                      
                      Install in Single User Mode

Solaris Release: 9_x86

Sun OS Release: 5.9_x86

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for SPARC as patch 112908

Topic: 

SunOS 5.9_x86: usr/lib/security/pam_krb5.so.1 patch

Relevant Architecture: i386

BugId's fixed with this patch:

4430138 4516537 4526202 4630574 4711993 4727224 4743181 4744280 4770661 4794436 4807010 4830044 4836676 4837278 4841013 4846024 4847827 4851952 4865664 4881066 4882946 4995543 5004688 5031562 5055875 5063407 5096445 5109147 6261685 6284864

Changes incorporated in this version:

4851952 6261685 6284864

Patches accumulated and obsoleted by this patch:

113990-05

Patches which conflict with this patch: 

Required Patches:

Obsoleted by:

Files Included in this Patch: 

/kernel/misc/kgss/do_kmech_krb5
/kernel/misc/kgss/gl_kmech_krb5
/usr/lib/gss/gl/abi/abi_mech_krb5.so.1
/usr/lib/gss/gl/mech_krb5.so.1
/usr/lib/security/pam_krb5.so.1
/usr/lib/security/pam_krb5_migrate.so
/usr/lib/security/pam_krb5_migrate.so.1

Problem Description: 

4851952 krb5_os_localaddr() doesn't work correctly when multiple interfaces configured
6261685 Security : buffer overflow, heap corruption in KDC
6284864 krb5_recvauth() may free memory twice under certain conditions
 
(from 115168-07)
 
5096445 Kerberos mech should renew expired svc tickets, if presented with a valid tgt
5109147 krb5 nfs fails cause of stale xrealm tgt
4770661 no support for GSS_C_NO_CREDENTIAL in gss_accept_sec_context() krb5 mech
 
(from 115168-06)
 
5031562 rlogin -x fails after kerberos patch install
 
(from 115168-05)
 
4807010 Crash in the gssapi module
4837278 Kerberos utilities should include automigrate capability
5055875 buffer overflow in (undocumented) auth_to_local rules
4865664 gssapi/krb5 may hang with corrupted data
5063407 memory corruption between decode_krb5_ap_req() and krb5_gss_accept_sec_context()
 
(from 115168-04)
 
4995543 pam_krb5.so.1 from 112908-12 causes SEGV when using *su* or dtsession lock
5004688 Kerberos patch 112908-12 causes user passwords to be logged in clear text
 
(from 115168-03)
 
4794436 strict TGT verification in pam_krb5 should be configurable
4430138 pam_krb5 has wrong return codes for some service module function
4516537 pam_krb5 does not conform to the PAM standards set forth in pam(3PAM)
4711993 mech_krb5:  memory caching MUST be enabled in kerberos mech
4841013 krb5 memory cache code should use mktemp instead of mkstemp
4846024 krb5 err msg: login: /tmp/krb5cc_35224 owned by 35224 instead of 0
4881066 pam_krb5 setcred function causes BUS error due to incorrectly freed memory
 
(from 115168-02)
 
4836676 Bounds checks not in place for princs in krbv5
 
(from 115168-01)
 
4830044 pam_krb5 needs to be repository aware
 
(from 113990-05)
 
4882946 GSS_C_NO_BUFFER: gss_init_sec_context gives an Error code
 
(from 113990-04)
 
4836676 Bounds checks not in place for princs in krbv5
 
(from 113990-03)
 
4847827 Kerberos patch 112908-07 Error verifying TGT with host, Bad encryption type
 
(from 113990-02)
 
4630574 pam_krb5 should not reimplement utility functions and use libpam utilities
4743181 gss/kerberos frees a buffer returned to caller
 
(from 113990-01)
 
4526202 pam_krb5 auth can fail with multiple ftp sessions of same user
4727224 user application hangs at rpc_gss_seccreate()
4744280 gss_display_status() always returning error

Revision History: 

115168-07 115168-05 115168-04 115168-02 115168-06 113990-05 115168-01 115168-03

Patch Installation Instructions: 

--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions: 

-----------------------------
 
NOTE 1: To get the complete fix of bug 4836676 "Bounds checks not
        in place for princs in krbv5" please install the following patches:
 
        116044-01 (or greater) kdb5_util patch
        116045-01 (or greater) krb5kdc patch
        116046-02 (or greater) libkadm5srv.so.1 patch
 
NOTE 2: To get the complete fix of bug 4837278, please also install the following
	patches:
 
	116044-02 (or greater)  kdb5_util patch
	116046-04 (or greater)  libkadm5srv.so.1 patch

README -- Last modified date:  Wednesday, January 4, 2006