Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind

From: KIMURA Yasuhiro (yasu@utahime.org)
Date: 11/18/02

• Next message: Jacques A. Vidrine: "Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind"
• Previous message: David G. Andersen: "Portmap localhost bind bug - commit fix?"
• Next in thread: Jacques A. Vidrine: "Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind"
• Reply: Jacques A. Vidrine: "Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 18 Nov 2002 10:22:18 +0900 (JST)
To: freebsd-security@freebsd.org
From: KIMURA Yasuhiro <yasu@utahime.org>

>>>>> FreeBSD Security Advisories <security-advisories@FreeBSD.org> wrote:

> V. Solution
(snip)
> 2) To patch your present system:
(snip)
> b) Execute the following commands as root:
> # cd /usr/src
> # patch < /path/to/patch
> # cd /usr/src/kerberos5/libexec/k5admind
> # make depend && make all install
> # cd /usr/src/kerberosIV/usr.sbin/kadmind
> # make depend && make all install

I tried instructions above on my 4.7-RELEASE pc and failed to build
k5admind and kandmind.

sugar# cd /usr/src/kerberos5/libexec/k5admind/
sugar# make depend && make all install
mkdir kadm5
cp /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/kadm5/private.h kadm5/private.h
cp /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/kadm5/admin.h kadm5/admin.h
test -e /usr/src/kerberos5/libexec/k5admind/kadm5_err.et || ln -sf /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/kadm5/kadm5_err.et
compile_et kadm5_err.et
cd /usr/src/kerberos5/libexec/k5admind/kadm5 && ln -sf ../kadm5_err.h
rm -f .depend
mkdep -f .depend -a -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/include -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/roken -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/krb5 -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/asn1 -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/sl -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/kadm5 -I/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin -I/usr/src/kerberos5/libexec/k5admind/../../lib/libasn1 -I/usr/src/kerberos5/libexec/k5admind/../../lib/libhdb -I/usr/src/kerberos5/libexec/k5admind -I/usr/src/kerberos5/libexec/k5admind/../../include -DHAVE_CONFIG_H -DKRB5_KRB4_COMPAT -DKRB4 -DINET6 /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmind.c /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/server.
 c /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadm_conn.c /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/version4.c
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:92,
                 from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmind.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:39: hdb_err.h: No such file or directory
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:41: hdb_asn1.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmind.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:93: hdb_err.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:92,
                 from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/server.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:39: hdb_err.h: No such file or directory
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:41: hdb_asn1.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/server.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:93: hdb_err.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:92,
                 from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadm_conn.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:39: hdb_err.h: No such file or directory
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:41: hdb_asn1.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadm_conn.c:34:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:93: hdb_err.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:92,
                 from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/version4.c:33:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:39: hdb_err.h: No such file or directory
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/lib/hdb/hdb.h:41: hdb_asn1.h: No such file or directory
In file included from /usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/version4.c:33:
/usr/src/kerberos5/libexec/k5admind/../../../crypto/heimdal/kadmin/kadmin_locl.h:93: hdb_err.h: No such file or directory
mkdep: compile failed
*** Error code 1

Stop in /usr/src/kerberos5/libexec/k5admind.
sugar# cd /usr/src/kerberosIV/usr.sbin/kadmind/
sugar# make depend && make all install
rm -f .depend
mkdep -f .depend -a -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/include -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/roken -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/sl -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/acl -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/kadm -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/kdb -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/lib/krb -I/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin -I/usr/src/kerberosIV/usr.sbin/kadmind/../../lib/libkadm -I/usr/src/kerberosIV/usr.sbin/kadmind/../../lib/libkrb -I/usr/src/kerberosIV/usr.sbin/kadmind/../include -I/usr/src/kerberosIV/usr.sbin/kadmind/../../include -DHAVE_CONFIG_H -I/usr/src/kerberosIV/usr.sbin/kadmind/../../include -DBINDIR=\"/usr/bin\" -DSBINDIR=\"/usr/sbin\" -DLIBEXECDIR=\"/usr/libexec\" /usr/src/ker
 berosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_server.c /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_funcs.c /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/admin_server.c /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_ser_wrap.c /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/pw_check.c
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_server.c:26:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_funcs.c:31:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/admin_server.c:31:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_ser_wrap.c:31:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
In file included from /usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/pw_check.c:34:
/usr/src/kerberosIV/usr.sbin/kadmind/../../../crypto/kerberosIV/kadmin/kadm_locl.h:38: protos.h: No such file or directory
mkdep: compile failed
*** Error code 1

Stop in /usr/src/kerberosIV/usr.sbin/kadmind.
sugar#

Are there anything else that I should do to patch my 4.7R system?

And one more question. This adovisary says:

> The k5admind server is installed as part of the `krb5' distribution,
> or when building from source with MAKE_KERBEROS5 set. The kadmind
> server is installed as part of the `krb4' distribution, or when
> building from source with MAKE_KERBEROS4 set. Neither is installed by
> default.

But both k5admind and kadmind are installed on my 4.7R systems.

sugar# ls -l /usr/sbin/kadmind
-r-xr-xr-x 1 root wheel 21808 Oct 9 21:51 /usr/sbin/kadmind
sugar# ls -l /usr/libexec/k5admind
-r-xr-xr-x 1 root wheel 19704 Oct 9 21:55 /usr/libexec/k5admind
sugar#

I selected "X-Developer" when I install these systems. Isn't it the
"default installation" describled above?

---
KIMURA Yasuhiro
Mail: yasu@utahime.org
WWW:  http://www.utahime.org/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Jacques A. Vidrine: "Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind"
• Previous message: David G. Andersen: "Portmap localhost bind bug - commit fix?"
• Next in thread: Jacques A. Vidrine: "Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind"
• Reply: Jacques A. Vidrine: "Re: ANNOUNCE: FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: TCPIP5.4 patch 5 problem ... Seem to me that it would be a trivial matter for the patch to produce message ... then PRODUCT INSTALL TCPIP and then PRODUCT ... TCPIP V5.4 is not supported on OpenVMS Alpha V7.3 ... (comp.os.vms) Whats up with patch 119728-01 for Solaris 10? ... every time I run 'smpatch update' on Solaris 10 machines, ... Failed to install the patch. ... (comp.unix.solaris) Re: Cant Install Perl as Non-Root ... So how do I patch Dynaloader? ... Apply this patch with patch -p0 <cwd.patch from in the perl source ... install XS modules sucessfully, and make sure you don't upgrade ... (comp.lang.perl.misc) Re: KB835732 Nightmare ... How can I find out when they issue a patch if it will bite me ... Don't install new patches immediately. ... (microsoft.public.win2000.windows_update) Re: Office 2003 Updates error - ouerror.gif (0/1) ... it would not let me install ... attempting to install any of the individual, downloaded patch EXE?s? ... No valid sequence could be found for the set of patches. ... Office Professional Edition 2003 Version 11.0.6361.0: ... (microsoft.public.officeupdate)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint