>> Kerberos Multiple Code Execution and Denial of Service Vulnerabilities
Title : Kerberos Multiple Code Execution and Denial of Service Vulnerabilities VUPEN ID : VUPEN/ADV-2008-0922 CVE ID : CVE-2008-0062 - CVE-2008-0063 - CVE-2008-0947 - CVE-2008-0948
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-03-19
Technical Description
Multiple vulnerabilities have been identified in Kerberos, which could be exploited by attackers to gain knowledge of sensitive information, cause a denial of service or take complete control of an affected system.
The first issue is caused by errors in KDC when handling krb4 messages, which could be exploited by an unauthenticated remote attacker to cause a krb4-enabled KDC to crash, disclose sensitive information, or execute arbitrary code.
The second vulnerability is caused by an error in KDC when handling incoming krb4 messages, which could be exploited by unauthenticated remote attackers to cause a krb4-enabled KDC to expose sensitive stack memory data (e.g. secret key data on certain platforms).
The third issue is caused by memory corruption errors in the RPC library when multiple file descriptors are opened, which could result in database corruption or arbitrary code execution.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
