MIT Kerberos Vulnerabilities

Alert Code
TA07-009B

Systems Affected

  • MIT Kerberos

Other products based on the GSS-API or the RPC libraries provided with MIT Kerberos may also be affected.

Overview

The MIT Kerberos administration daemon contains two vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.

Description

We are aware of two vulnerabilities that affect the Kerberos administration daemon:

  • VU#481564 - Kerberos administration daemon fails to properly initialize function pointers


    The RPC library shipped with MIT Kerberos, which the administration daemon (kadmind) uses, fails to initialize certain function pointers before they can be used. A remote, unauthenticated attacker can reach the uninitialized pointer by sending a specially crafted Kerberos packet to a vulnerable system, which may allow execution of arbitrary code with the privileges of the daemon. Other server applications that use the RPC library provided with MIT Kerberos may also be affected. Further details about this vulnerability are available from the MIT Kerberos Development Team.

  • VU#831452 - Kerberos administration daemon may free uninitialized pointers


    The MIT Kerberos administration daemon may free pointers that were never initialized. Freeing an uninitialized pointer corrupts heap state and may allow an attacker to execute arbitrary code. Other server applications that use the GSS-API library provided with MIT Kerberos may also be affected. Further details about this vulnerability are available from the MIT Kerberos Development Team.
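
The two bug classes named in the bullets above, as an added example constructed for this page (it is not MIT Kerberos source and does not reproduce the kadmind code paths): a minimal per-connection security context holding a release callback and a heap-owned token, first in the vulnerable shape (malloc plus an error path that returns a half-built context, so teardown calls through an unset function pointer and frees an unset heap pointer), then hardened (zero-initialized allocation, fail-closed on unknown mechanisms, guarded indirect call). The struct layout, the mechanism name "krb5" and the return codes are assumptions made for the demo.

```c
/* Constructed example, not MIT Kerberos code. Shows an uninitialized
 * function pointer (VU#481564 class) and a free() of an uninitialized
 * pointer (VU#831452 class), beside a hardened version of the same logic. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MECH_OK       0   /* assumed return codes for the demo */
#define MECH_UNKNOWN  1
#define MECH_BADSTATE 2

struct sec_ctx;
typedef int (*release_fn)(struct sec_ctx *);

/* Per-connection context, roughly the shape of a mechanism binding. */
struct sec_ctx {
    release_fn release;     /* must be assigned before anyone calls through it */
    char      *token;       /* must be NULL or a live heap pointer before free() */
    size_t     token_len;
    int        initialized;
};

static int release_krb5(struct sec_ctx *c)
{
    if (c->token)
        memset(c->token, 0, c->token_len);   /* scrub key material before free */
    return MECH_OK;
}

/* VULNERABLE: malloc leaves every field holding stale heap bytes, and the
 * unknown-mechanism path hands the half-built context back to the caller. */
struct sec_ctx *ctx_create_vuln(const char *mech)
{
    struct sec_ctx *c = malloc(sizeof *c);
    if (!c)
        return NULL;
    if (strcmp(mech, "krb5") == 0) {
        c->release = release_krb5;
        c->token = malloc(16);
        c->token_len = 16;
        c->initialized = 1;
    }
    return c;   /* BUG: for any other mech, release and token are never set */
}

/* Teardown that turns the stale fields into an indirect call through garbage
 * and a free() of whatever bytes happened to be in the chunk. */
int ctx_destroy_vuln(struct sec_ctx *c)
{
    int rc = c->release(c);   /* undefined behaviour if release was never set */
    free(c->token);           /* undefined behaviour if token was never set */
    free(c);
    return rc;
}

/* HARDENED: zero-initialize, fail closed, and guard every indirect call. */
struct sec_ctx *ctx_create_safe(const char *mech)
{
    struct sec_ctx *c = calloc(1, sizeof *c);   /* every pointer starts NULL */
    if (!c)
        return NULL;
    if (strcmp(mech, "krb5") != 0) {
        free(c);   /* unknown mechanism: refuse instead of returning a half-built context */
        return NULL;
    }
    c->token = calloc(1, 16);
    if (!c->token) {
        free(c);
        return NULL;
    }
    c->token_len = 16;
    c->release = release_krb5;
    c->initialized = 1;
    return c;
}

int ctx_destroy_safe(struct sec_ctx *c)
{
    int rc;
    if (!c)
        return MECH_UNKNOWN;
    if (!c->initialized || !c->release)
        rc = MECH_BADSTATE;     /* never call through a pointer we did not set */
    else
        rc = c->release(c);
    free(c->token);             /* free(NULL) is a no-op, so a zeroed field is safe */
    free(c);
    return rc;
}

/* Drive the hardened path end to end and report the teardown status. */
int demo_safe(const char *mech)
{
    struct sec_ctx *c = ctx_create_safe(mech);
    if (!c)
        return MECH_UNKNOWN;
    return ctx_destroy_safe(c);
}

/* A zeroed context that nothing ever initialized must still tear down safely. */
int demo_unset_ctx(void)
{
    struct sec_ctx *c = calloc(1, sizeof *c);
    return c ? ctx_destroy_safe(c) : MECH_UNKNOWN;
}

int main(void)
{
    printf("krb5  -> %d\n", demo_safe("krb5"));
    printf("bogus -> %d\n", demo_safe("bogus"));
    printf("unset -> %d\n", demo_unset_ctx());
    return 0;
}
```

Calling ctx_destroy_vuln on a context returned for an unknown mechanism is undefined behaviour and is deliberately not executed here; building with clang's MemorySanitizer (-fsanitize=memory) reports the uninitialized reads if you do try it. The hardened version relies on three habits that close both bug classes at once: allocate with calloc or an explicit zeroing initializer so an unset pointer is NULL rather than garbage, return failure instead of a partially built object, and test a callback pointer before calling through it.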

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the administration daemon, resulting in compromise of the Kerberos key database, or may be able to cause a denial of service. Because the administration daemon runs on the KDC host with access to the principal database, compromise of the daemon exposes the keys of every principal in the realm.

Solution

These vulnerabilities are addressed in MIT krb5 Security Advisory 2006-002 and MIT krb5 Security Advisory 2006-003. Patches for these issues are also included in those advisories.

Revision History

  • January 09, 2007: Initial release