|
|
>> MIT Kerberos Multiple Remote Command Execution and DoS Vulnerabilities
|
Multiple vulnerabilities have been identified in MIT Kerberos, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.
The first issue is caused by a buffer overflow error in the implementation of the RPCSEC_GSS authentication and the "svcauth_gss_validate()" [src/lib/rpc/svc_auth_gss.c] function when processing RPC messages, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code with elevated privileges.
The second vulnerability is caused by a memory corruption error in the "kadm5_modify_policy_internal()" [src/lib/kadm5/srv/svr_policy.c] function that does not properly check return values of the "krb5_db_get_policy()" function, which could be exploited by authenticated attackers with "modify policy" privileges to crash an affected application or execute arbitrary code with elevated privileges.
Affected Products
MIT Kerberos 5
Solution
Apply patches or upgrade to Kerberos 5 version 1.5.5 or 1.6.3 :
http://web.mit.edu/kerberos/advisories/2007-006-patch.txt
References
http://www.vupen.com/english/advisories/2007/3051
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-006.txt
http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
Credits
Vulnerabilities reported by Tenable Network Security, ZDI and Garrett Wollman (MIT CSAIL).
ChangeLog
2007-09-05 : Initial release
2007-09-09 : Updated References
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
