US-CERT Technical Cyber Security Alert TA07-009B -- MIT Kerberos Vulnerabilities

National Cyber Alert System

Technical Cyber Security Alert TA07-009B

MIT Kerberos Vulnerabilities

Original release date: January 09, 2007
Last revised: --
Source: US-CERT

Systems Affected

MIT Kerberos

Other products based on the GSS-API or the RPC libraries provided with MIT Kerberos may also be affected.

Overview

The MIT Kerberos administration daemon contains two vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.

I. Description

We are aware of two vulnerabilities that affect the Kerberos administration daemon:

VU#481564 - Kerberos administration daemon fails to properly initialize function pointers
The MIT Kerberos administration daemon contains a vulnerability in the way pointers are handled that may allow a remote, unauthenticated user to execute arbitrary code. Other server applications that utilize the RPC library provided with MIT Kerberos may also be affected. This vulnerability can be triggered by sending a specially crafted Kerberos packet to a vulnerable system. Further details about this vulnerability are available from the MIT Kerberos Development Team.

VU#831452 - Kerberos administration daemon may free uninitialized pointers
The MIT Kerberos administration daemon contains a vulnerability that may allow an attacker to execute arbitary code. Other server applications that utilize the GSS-API library provided with MIT Kerberos may also be affected. Further details about this vulnerability are available from the MIT Kerberos Development Team.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code resulting in the compromise of the Kerberos key database or cause a denial of service.

III. Solution

These vulnerabilities are addressed in MIT krb5 Security Advisory 2006-002 and MIT krb5 Security Advisory 2006-003. Patches for these issues are also included in those advisories.

IV. References

US-CERT Vulnerability Note VU#481564 - <http://www.kb.cert.org/vuls/id/481564>
US-CERT Vulnerability Note VU#831452 - <http://www.kb.cert.org/vuls/id/831452>
MIT krb5 Security Advisory 2006-002 - <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt>
MIT krb5 Security Advisory 2006-003 - <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt>

Feedback can be directed to US-CERT.

Produced 2007 by US-CERT, a government organization. Terms of use

Revision History

January 09, 2007: Initial release

Last updated January 09, 2007

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting