
Se han encontrado huecos en Kerberos v4. Aqui teneis la informacion:
Return-Path: <owner-cypherpunks@toad.com> Received: from control (controli.retesa.es) by sun2.retesa.es (5.x/SMI-SVR4) id AA01592; Tue, 20 Feb 1996 09:59:01 GMT Received: by control (SMI-8.6/SMI-SVR4) id DAA19612; Tue, 20 Feb 1996 03:02:47 -0800 Received: from relay3.uu.net(192.48.96.8) by control via smap (V1.3) id sma019610; Tue Feb 20 03:02:35 1996 Received: from toad.com by relay3.UU.NET with SMTP id QQadse08697; Tue, 20 Feb 1996 04:01:50 -0500 (EST) Received: by toad.com id AA24982; Tue, 20 Feb 96 00:28:15 PST Received: from sfi.santafe.edu by toad.com id AA24976; Tue, 20 Feb 96 00:28:11 PST Received: from nelson.santafe.edu by sfi.santafe.edu (4.1/SMI-4.1) id AA02389; Tue, 20 Feb 96 01:24:08 MST Received: (from nelson@localhost) by nelson.santafe.edu (8.7.1/8.7.1) id BAA21074; Tue, 20 Feb 1996 01:28:01 -0700 Date: Tue, 20 Feb 1996 01:28:01 -0700 Message-Id: <199602200828.BAA21074@nelson.santafe.edu> From: Nelson Minar <nelson@santafe.edu> To: cypherpunks@toad.com Subject: breakable session keys in Kerberos v4 Sender: owner-cypherpunks@toad.com Precedence: bulk Content-Type: text Status: O
I'm a bit suprised this hasn't turned up yet on Cypherpunks. A couple of forwarded messages: first, an announcement made Fri Feb 16 by Gene Spafford at COAST about an exploitable flaw they've found in Kerberos, and then a comment on the www-security list that it is due to a bad random number generator. Same old story!
The message (lifted from the COAST web site) -----BEGIN PGP SIGNED MESSAGE-----
Personnel at the COAST Laboratory (Computer Operations, Audit, and Security Technology) at Purdue University have discovered a vulnerability in current versions of the Kerberos security system. Graduate students Steve Lodin and Bryn Dole, working with Professor Eugene Spafford, have discovered a method whereby someone without privileged access to most implementations of a Kerberos 4 server can nonetheless break secret session keys issued to users. This means that it is possible to gain unauthorized access to distributed services available to a user without knowing that user's password. This method has been demonstrated to work in under 1 minute, on average, using a typical workstation, and sometimes as quickly as 1/5 second.
The Kerberos system was developed at MIT in the mid-1980s, and has been widely adopted for security in distributed systems worldwide. Kerberos is most often used on UNIX platforms by various vendors, and is often enhanced, sold and supported by 3rd-party vendors for use in academic, government, and commercial environments.
The same researchers at COAST have also found a small, theoretical weakness in Kerberos version 5 that would allow similar access, given some additional information and considerable preliminary computation. Kerberos version 5 does not exhibit the same weakness as described above for Kerberos version 4.
The researchers at COAST had intended to release the specific details of the problem to affected vendors and incident response teams during the week of February 19, prior to making a public announcement of their findings. However, as rumors have begun to circulate and several representatives of the news media have apparently received indication of the problem, we are releasing this preliminary announcement at this time.
Government and industry sponsors of the COAST Laboratory were made aware of the preliminary details of these findings in January (full sponsors receive early notification of significant discoveries as a result of COAST research). Other affiliates of COAST as well as the world-wide network of FIRST computer incident response teams were made aware of the general nature of the findings during the week of February 5. The original plan at COAST was to release specific details only to FIRST (Forum of Incident Response and Security Teams) teams and to MIT prior to announcement by affected vendors of a fix for these weaknesses. The flaw in Kerberos version 4 is significant enough that disclosure of its details prior to a fix would allow someone with moderate programming skills to exploit it; there is currently no reason to believe that others know the details of the flaw and are exploiting it, so there is no immediate danger to the public that would warrant release of the details at this time.
COAST personnel have been informed that MIT has already developed a fix for the flaw in version 4 Kerberos and is preparing it for release. Additionally, COAST researchers are cooperating with MIT personnel to identify what (if any) fixes are necessary for version 5 Kerberos. Users of either version of Kerberos should contact their vendors for details of any fixes that may be made available; vendors of products incorporating Kerberos should contact MIT directly for details of the problems and fixes.
COAST is a research group of faculty and students dedicated to research into information security and computer crime investigation, and education in computer and network security. It is the largest such university-based group in the United States.
Information on COAST may be found on the WWW at http://www.cs.purdue.edu/coast Information on FIRST teams may be found on the WWW at http://www.first.org Information on MIT's Kerberos may be found on the WWW at ftp://athena-dist.mit.edu/pub/kerberos/doc/KERBEROS.FAQ
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Key @ ftp://ftp.cs.purdue.edu/pub/spaf/pers/pgpkey.asc
iQCVAwUBMSZ42cpvK4P8DALVAQHg8QP/TRmqwP7vG32aaBjvbMof2iuVQ2bcWrg9 p55KN5wBfrBzxq5/NE+6lodkqq2w1ib8q/47uYT1S8iR+z2tnbvL64dxrtDEh4iY iEWjfpTMtQxLmZ1gA3Sxxn4A+6KwlXq5z4Lp2BROUXyeSR7HPAEeEQucRNWkzz8o IOMHuBAcBKo= =yWxe -----END PGP SIGNATURE-----
(a comment I found in reply)
------- Start of forwarded message ------- From: jis@mit.edu (Jeffrey I. Schiller) Subject: Re: Kerberos Vulnerability Newsgroups: hks.lists.www-security Date: 19 Feb 1996 21:42:08 -0500 Organization: HKS, Inc. Path: hks.net!news-mail-gateway!owner-www-security Lines: 8 Sender: root@hks.net Message-ID: <ad4e9fc40602100421be@[18.162.1.1]> NNTP-Posting-Host: bb.hks.net
There will be a fix distributed by MIT later this week. The problem is that the random number generator in V4 is worse then we thought! The fix is to retrofit the V5 generator (which is decent) into the V4 KDC. Note: Only the KDC needs to be updated, clients and servers are unaffected.
-Jeff
------- End of forwarded message -------
Agustín Santos Méndez, RETESA, S.A. C/Orense 4, Planta 10. 28020 MADRID SPAIN. Ph: +34.1.342.67.91 Fax +34.1.597.28.77 E-mail: asantos@retesa.es