Kerberos 5 Release 1.0.7
(currently in beta test)
While development work has stopped on the 1.0 branch of the
Kerberos code with the release of 1.1, a significant host security
vulnerability involving ksu was found and announced recently.
Since some sites have had difficulty with the upgrade to version 1.1,
we are providing an update to 1.0.6 that fixes this problem. It also
contains some minor Y2K updates to the test suite so we could run it
before shipping this update.
Kerberos 5 Release 1.0.6
The MIT Kerberos Team is proud to announce the availability of MIT
Kerberos V5 Release 1.0.6. This release is a bug-fix release only;
there are no major feature enhancements over the 1.0.5 release. A
list of major changes since 1.0.5 follows; please see individual
ChangeLogs for details.
- Several Y2K related bugs have been fixed. None of these bugs should
impact normal operation, since the majority of them are related to
logging and somewhat obscure input translation functions.
- Many programs that log hostnames in utmp or wtmp have been changed
to use a new function in the pty library which will adjust the
hostname for logging purposes. This includes logging IP addresses
when the hostname would be longer than a certain length, thus making
certain types of security incident analysis easier.
- Various changes have been made to allow compilation under glibc 2.1.
- Some transited realm handling in the krb5 library and in the kdc has
been improved, including some bugs involving reading stack garbage and
various potential overruns.
- Various programs have been fixed to properly set the luid on OSF/1
systems with enhanced security enabled.
- Various programs have had buffer sizes increased to deal with larger
tickets.
- krshd now correctly works for krb4 encrypted rcp.
- A kcmd bug that resulted in host address smashing has been fixed.
- login.krb5 now correctly compiles on some 4.4BSD systems that were
previously failing.
- Some bugs with login.krb5's string handling have been fixed by
judicious use of strncpy().
- gssftp no longer sends passwords in cleartext.
- gssftp now successfully communicates with CNS krb4 ftpds.
- A Y2K bug was fixed in the gssftp / gssftpd MDTM command.
- Miscellaneous memory-management bugs were fixed in gssftp.
- An urgent data handling bug in gssftpd that caused premature
connection closes on some types of client aborts has been fixed.
- gssftpd no longer loops under certain conditions involving gssapi
library error conditions.
- Various questionable uses of strcat() have been removed from gssftpd.
- gssftpd can no longer be used to perform "bounce attacks" against
ports less than 1024.
- gssftpd has been fixed to deal better with signals.
- gssftpd no longer syslogs passwords.
- gssftpd no longer allows anonymous logins to create directories.
- ksu no longer tries to free freed memory.
- kadmind now logs procedure numbers reasonably and no longer tries to
fall off the end of an array if a procedure number is not found.
- The kdc no longer tries to hand out an invalid ticket when two
different clients attempt to request a ticket for the same principal
simultaneously.
- The kdc no longer uses a replay cache.
- Various fixes have been applied to the gssapi library to make some
gssv2 functions work.
- gss_wrap_size_limit() should work properly now.
- The krb4 library now correctly finds a srvtab when its location is
specified in krb5.conf.
- A potential race condition in the krb4 ticket handling code has been
fixed.
- The krb5 library now properly handles ASN.1 BIT STRING values that
are not exactly 32 bits long.
- The krb5 library ASN.1 decoder no longer gets out of sync if
presented with extra fields in a SEQUENCE type.
- The krb5 library ASN.1 encoder now sanity-checks the return from
gmtime() to avoid buffer overruns.
- Some nasty memory-corrupting bugs in krb5_sendauth() and
krb5_recvauth() have been fixed.
- The krb5 <-> krb4 principal conversion functions have been updated
with additional service names.
- A bug involving linked list corruption has been fixed in the profile
library.
- The pty library no longer truncates pid entries.
- LOGIN_PROCESS entries are no longer recorded in utmp by the pty
library, as they confuse some systems.
- Several portability fixes have been made to the pty library.
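The "bounce attack" item above refers to abuse of the FTP PORT command, which lets a client tell the server where to open the data connection. The check below is an added example written for this page, not gssftpd's own code: it rejects privileged ports, as the 1.0.6 fix does, and also goes one step further by insisting that the data address be the client's own address (assumed to be passed in as a dotted-quad string, `peer_ip`).

```c
#include <stdio.h>
#include <string.h>

/* Constructed example (not gssftpd's code): validate the argument of an FTP
 * PORT command, "h1,h2,h3,h4,p1,p2", before the server opens a data
 * connection. A bounce attack asks the server to connect to some third
 * host or to a privileged port; the two checks below reject both.
 * peer_ip is the dotted-quad address of the control connection's client. */

/* Returns the data port (>= 1024) if the request is acceptable, -1 if not. */
int checked_data_port(const char *arg, const char *peer_ip)
{
    unsigned int h[4], p[2];
    char addr[16];
    int i, port;

    if (sscanf(arg, "%u,%u,%u,%u,%u,%u",
               &h[0], &h[1], &h[2], &h[3], &p[0], &p[1]) != 6)
        return -1;                            /* malformed argument */
    for (i = 0; i < 4; i++)
        if (h[i] > 255)
            return -1;
    if (p[0] > 255 || p[1] > 255)
        return -1;

    /* Refuse privileged ports: this is the vector the 1.0.6 fix closed. */
    port = (int)(p[0] * 256 + p[1]);
    if (port < 1024)
        return -1;

    /* The data address must be the client itself, not a third host. */
    snprintf(addr, sizeof addr, "%u.%u.%u.%u", h[0], h[1], h[2], h[3]);
    if (strcmp(addr, peer_ip) != 0)
        return -1;

    return port;
}

int main(void)
{
    printf("%d\n", checked_data_port("192,0,2,10,4,1", "192.0.2.10"));  /* 1025 */
    printf("%d\n", checked_data_port("192,0,2,10,0,25", "192.0.2.10")); /* -1 */
    return 0;
}
```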
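The BIT STRING item above concerns Kerberos flag fields (ticket flags, KDC options), which are ASN.1 BIT STRINGs that a decoder must not assume are exactly 32 bits long. The decoder below is an added example, not the krb5 library's own ASN.1 code: it pads short strings with zero bits, keeps only the first 32 bits of long ones, and honours the unused-bits count in the first contents octet. The sample encodings are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example (not the krb5 library's decoder): turn the contents
 * octets of a DER BIT STRING (everything after the tag and length) into a
 * 32-bit flags word. Bit 0 is the first bit of the string, as ASN.1 numbers
 * them, and lands in the most significant bit of the result. Strings shorter
 * than 32 bits are padded with zero bits, longer ones keep only the first
 * 32, and the trailing "unused" bits named by the first octet are ignored.
 * Returns the flags, or -1 if the encoding is malformed. */
int64_t decode_bit_string_flags(const uint8_t *buf, size_t len)
{
    uint32_t out = 0;
    size_t nbits, i;

    if (len < 1 || buf[0] > 7)        /* first octet: count of unused trailing bits */
        return -1;
    if (len == 1 && buf[0] != 0)      /* empty string must declare 0 unused bits */
        return -1;
    nbits = (len - 1) * 8 - buf[0];
    for (i = 0; i < nbits && i < 32; i++) {
        int bit = (buf[1 + i / 8] >> (7 - i % 8)) & 1;
        if (bit)
            out |= (uint32_t)1 << (31 - i);
    }
    return (int64_t)out;
}

int main(void)
{
    /* Constructed 11-bit string: 5 unused bits; bits 1, 8 and 10 set, bit 12 is padding. */
    const uint8_t eleven[] = { 0x05, 0x40, 0xA8 };
    printf("%08llx\n", (unsigned long long)decode_bit_string_flags(eleven, sizeof eleven));
    return 0;
}
```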
For more information about obtaining the 1.0.6 release, see "Getting
the Kerberos 5 1.0.6 Release" below.
Kerberos 5 Release 1.0.5
The MIT Kerberos Team is
proud to announce the release of MIT Kerberos V5 Release 1.0.5. This
release is a bug-fix release only; there are no feature enhancements
over the previous release. The following bugs were fixed:
- A buffer size problem in klogind that was causing some redisplay
problems under Irix has been fixed. [krb5-appl/527]
- v4rcp no longer explicitly refers to sys_errlist.
- Buffer overruns have been repaired in ftpd.
- ftpd now no longer has a name collision with the native log_wtmp()
function on some platforms.
- A buffer overrun in telnetd has been fixed.
- ksu no longer allows the use of an expired cached
ticket. [krb5-clients/545]
- The KDC now checks the length of incoming krb4 packets to avoid
overruns.
- The KDC actually returns a valid error packet in cases where it had
failed to in the past, which could cause coredumps.
- A logic bug in the gssapi library that caused
krb5_gss_wrap_size_limit() to return an incorrect size has been
fixed.
- The gssapi library now caches its rcache, preventing a file
descriptor leak. [krb5-libs/370]
- Memory leaks, freeing of freed memory, and failure to check the
return values of memory-allocating functions have been repaired in the
library. [krb5-libs/518]
- The "errno" member of a db internal structure has been renamed to avoid
conflicting with a macro definition of "errno" in glibc.
- The profile parser has been vastly improved to strip trailing
whitespace and provide a real quoting mechanism.
- A goof in the previous fencepost error fix to the pty library has
been fixed.
Kerberos 5 Release 1.0.4
The MIT Kerberos Team is proud to announce the release of MIT
Kerberos V5 Release 1.0.4. This release is a bug-fix release only;
there are no feature enhancements over the previous release. The
following bugs were fixed:
- A typo in krlogind.c that caused rd_and_store_for_creds to be called
with the wrong arguments has been fixed.
- Telnetd now has the forwarded credentials security hole fixed as well.
- An incorrect buffer length in telnetd has been corrected.
- The KDC now verifies that strings to be logged are non-NULL prior to
syslogging.
- A fencepost error in the pty library has been corrected.
- The pty library no longer tries to chown a zero-length filename.
Kerberos 5 Release 1.0 Patchlevel 3
The MIT Kerberos Team is proud to announce the release of MIT
Kerberos V5 Release 1.0 patchlevel 3. This release is a bug-fix
release only; there are no feature enhancements over the previous
release. The following bugs were fixed:
- krb5-appl/500: A bug that caused kshd to not verify checksums when
provided by a krb5 client when neither -c nor -i are given has been
fixed. This closes a possible replay attack. NOTE: This means that
compatibility with pre-beta-5 krsh clients will fail, unless you use the
-i option to disable checksum verification.
- krb5-appl/494: A ticket chowning bug in kshd and klogind has been
fixed. This avoids a possible race condition.
- krb5-appl/488: A potential buffer overrun in klogind has been fixed.
- krb5-kdc/461: A bug in transited realm handling has been fixed.
This bug could lead to kdc coredumps.
- Some kdc internals have been patched to limit the lengths of
strings.
- A bug in the library that caused a zero endtime (encoded as
1-JAN-1970 GMT 00:00:00) to be sent instead of the TGT endtime for a
TGS request has been fixed.
Kerberos 5 Release 1.0 Patchlevel 2
The MIT Kerberos Team is proud to announce the release of MIT
Kerberos V5 Release 1.0 patchlevel 2. This release is a bug-fix
release only; there are no feature enhancements over the previous
release. The following bugs were fixed:
- A bug in the gssapi-rpc library that prevented an rpc server from
handling more than two simultaneous connections has been fixed.
- Security problem: A potential security vulnerability in telnetd
that may allow a remote user to gain root privileges on systems with a
broken tgetent() library function has been fixed.
Kerberos 5 Release 1.0 Patchlevel 1
The MIT Kerberos Team is proud to announce
the availability of MIT Kerberos V5 Release 1.0 patchlevel 1. This
release is a bug-fix release only; there are no feature enhancements
over the 1.0 release. The following bugs were fixed:
- krb5-appl/1167: kshd fails if home directory not attached
- krb5-libs/302: Bad library name in krb5_16.def (for Windows port)
- krb5-misc/307: Macintosh bin directories not automatically created
- krb5-clients/309: Cygnus/KerbNet name in Windows programs removed
- krb5-kdc/310: Setting the preauth flag on a principal in the
database causes the KDC to coredump.
- krb5-libs/357: krb5_sendauth can return freed memory
- krb5-appl/326: rlogin should set HOME, PATH, etc. environment variables.
- krb5-libs/206: fix cross-realm ticket forwarding
- krb5-admin/386: server lib reallocs NULL pointer (which doesn't
work under SunOS).
- krb5-admin/341: kdb5_util load_v4 with default stash file causes
segmentation fault
- krb5-kdc/361: KDC dumps core if kvno/keytype not found.
- krb5-doc/355: docs refer to send-pr instead of krb5-send-pr
- krb5-misc/400: send-pr portability problems (fix to do run-time
detection of certain OS features)
- krb5-build/403: bash-2.02 syntax errs on recursion rules. (Bash
2.0 is stricter than all other bourne shells)
- krb5-libs/325: required timestamp not included in SAM_RESPONSE generation
- krb5-libs/352: gss_init_sec_context doesn't accept all forms of null buffer
- krb5-libs/366: rcache is checked using ruid instead of euid
- Security problem: potential buffer overrun bug in telnetd
- Security problem: potential buffer overrun if the libkrb4 compat
library is used to link setuid kerberos 4 programs like ksu. (Not an
issue if the libkrb4 compat library is only used with the application
programs shipped with the MIT Kerberos V5 release).
Kerberos 5 Release 1.0 announcement
At long last, the MIT Kerberos Team is proud to announce the
availability of MIT Kerberos V5 Release 1.0. This release includes
everything you need to set up and use Kerberos,
including:
- The Kerberos server.
- A full-featured Kerberos administration system, including support
for password policies.
- Secure, encrypting versions of common network utilities: telnet,
rlogin, rsh, rcp, ftp.
- All the libraries needed to integrate Kerberos security into new
applications: GSS-API libraries, Kerberos 5 libraries, cryptographic
algorithms, and more.
This release is available both as source code and as
pre-built binary distributions for a number of Unix platforms.
Both the source and binary distributions are available for download.
(See below for instructions on obtaining the source distribution via FTP.)
Warning: We are providing binary distributions for this release
as a convenience to sites that are interested in experimenting with
Kerberos for the first time, without needing to build it all from
source. However, in general it is a very bad idea to run security
software that you've downloaded from the net, since you have no way of
knowing whether someone has left any "surprises" behind. If you are
going to be using Kerberos V5 in production, we strongly recommend
that you get the Krb5 sources and build the Krb5 distribution
yourself.
MIT Kerberos V5 Release 1.0 has been tested on at least the
following platforms:
The Macintosh port is now fully functional, although the UI still
leaves much to be desired. This will be the focus of future work on
this platform.
The Windows 16 port is also fully functional, although one major
(but obvious and easy to correct) bug crept in at the last minute.
(See our known bugs web page for more
details.) One major difference from the previous Beta releases is
that the DLL has been renamed from LIBKRB5.DLL to KRB5_16.DLL. This
is to avoid conflicts with the 32-bit version of the Krb5 DLL.
Unfortunately, delays in stabilizing and integrating the NT release
prevented us from shipping this functionality with the 1.0 release.
Please see the NT Alpha 2 announcement
for more details about the latest NT development snapshot.
Notes and Major Changes since Beta 7
- We are now using the GNATS system to track bug reports for Kerberos
V5. It is therefore helpful for people to use the krb5-send-pr
program when reporting bugs. The old interface of sending mail to
krb5-bugs@mit.edu will still work; however, bug reports sent in this
fashion may experience a delay in being processed.
- The default keytab name has changed from /etc/v5srvtab to
/etc/krb5.keytab.
- login.krb5 no longer defaults to getting krb4 tickets.
- The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to
KRB5_16.DLL. This change was necessary to distinguish it from the
win32 version, which will be named KRB5_32.DLL. Note that the
GSSAPI.DLL file has not been renamed, because this name was specified
in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit
version of the GSSAPI DLL will be named GSSAPI32.DLL.)
- The directory structure used for installations has changed. In
particular, files previously located in $prefix/lib/krb5kdc are now
normally located in $localstatedir/krb5kdc, and krb5.conf is searched
for in $sysconfdir. With the normal configure options, this means the
KDC database goes in /usr/local/var/krb5kdc by default. If you wish
to have the old behavior, then you would use a configure line like the
following:
configure --prefix=/usr/local --sysconfdir=/usr/local/lib --localstatedir=/usr/local/lib
Please note that the README file in the source distribution is missing
the "--localstatedir" flag.
- kshd has been modified to accept krb4 encrypted rcp connections; for
this to work, the v4rcp program must be in the bin directory.
Getting the Kerberos 5 1.0.6 Release
- The simplest way to get the 1.0.6 release is
via the Web.
- Via FTP:
FTP to athena-dist.mit.edu, in /pub/kerberos. Get the file
README.KRB5-1.0.6. It will contain instructions on how to
obtain the 1.0.6 release.
Please report any problems/bugs/comments using krb5-send-pr.
Acknowledgements
Appreciation Time!!!! There are far too many people to try to thank
them all; many people have contributed to the development of Kerberos
V5. This is only a partial listing....
- Thanks to Paul Vixie and the Internet Software Consortium for funding
the work of Barry Jaspan. This funding was invaluable for the OV
administration server integration, as well as the 1.0 release
preparation process.
- Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
Technologies, Inc., who donated their administration server for use in
the MIT release of Kerberos.
- Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
Raeburn, and all of the folks at Cygnus Support, who provided
innumerable bug fixes and portability enhancements to the Kerberos V5
tree. Thanks especially to Jeff Bigler, for the new user and system
administrator's documentation.
- Thanks to Doug Engert from ANL for providing many bug fixes, as well
as testing to ensure DCE interoperability.
- Thanks to Ken Hornstein at NRL for providing many bug fixes and
suggestions.
- Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
their many suggestions and bug fixes.
- Thanks to the members of the Kerberos V5 development team at MIT, both
past and present: Jay Berkenbilt, Richard Basch, John Carr, Don
Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John
Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris
Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu.
$Id: announce.html,v 1.12 2000/02/24 23:54:50 raeburn Exp $
For comments/suggestions about this page, mail:
krbcore@mit.edu