US-CERT Technical Cyber Security Alert TA07-177A -- MIT Kerberos Vulnerabilities


                        National Cyber Alert System

                 Technical Cyber Security Alert TA07-177A


MIT Kerberos Vulnerabilities

   Original release date: June 26, 2007
   Last revised: --
   Source: US-CERT


Systems Affected

     * MIT Kerberos

   Other products that use the RPC library provided with MIT Kerberos or
   other RPC libraries derived from SunRPC may also be affected.


Overview

   The MIT Kerberos 5 implementation contains several vulnerabilities.
   Exploitation of these vulnerabilities could allow a remote,
   unauthenticated attacker to execute arbitrary code or cause a denial
   of service on a vulnerable system.


I. Description

   There are three vulnerabilities that affect MIT Kerberos 5:

     * VU#356961 - MIT Kerberos RPC library gssrpc__svcauth_gssapi()
       uninitialized pointer free vulnerability

       A vulnerability in the MIT Kerberos administration daemon
       (kadmind) may allow an uninitialized pointer to be freed, which
       may allow a remote, unauthenticated user to execute arbitrary
       code. This vulnerability can be triggered by sending a specially
       crafted Kerberos message to a vulnerable system.


     * VU#365313 - MIT Kerberos kadmind RPC library
       gssrpc__svcauth_unix() integer conversion error

       An integer conversion error vulnerability exists in the MIT
       Kerberos kadmind that may allow a remote, unauthenticated user to
       execute arbitrary code.


     * VU#554257 - MIT Kerberos kadmind principal renaming stack buffer
       overflow

       A stack buffer overflow exists in the way the MIT Kerberos kadmind
       handles the principal renaming operation, which may allow a
       remote, authenticated user to execute arbitrary code.


II. Impact

   A remote, unauthenticated attacker may be able to execute arbitrary
   code on KDCs, systems running kadmind, and application servers that
   use the RPC library. An attacker could also cause a denial of service
   on any of these systems. These vulnerabilities could result in the
   compromise of both the KDC and an entire Kerberos realm.


III. Solution

   Check with your vendors for patches or updates. For information about
   a vendor, please see the systems affected section in the individual
   vulnerability notes or contact your vendor directly.
   Alternatively, apply the appropriate source code patches referenced in
   MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005 and recompile.
   These vulnerabilities will also be addressed in the krb5-1.6.2 and
   krb5-1.5.4 releases.
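
   A version triage against the fixed releases named above, as an added
   example that is not part of the US-CERT alert. The function name
   krb5_triage and its three result strings are assumptions made here; a
   version string does not show vendor-backported patches, so packaged
   builds still need the vendor check described above.

```shell
#!/bin/sh
# Triage a krb5 version string against the fixed releases named in this
# alert: krb5-1.6.2 (1.6 branch) and krb5-1.5.4 (1.5 branch).
# krb5_triage is a hypothetical helper, not part of MIT Kerberos.
# It prints one of: fixed, needs-update, check-vendor.

krb5_triage() {
    # Extract the dotted version from strings such as
    # "Kerberos 5 release 1.6.1", "krb5-1.5.3" or a bare "1.6.2".
    ver=$(printf ' %s\n' "$1" |
        sed -n 's/.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    if [ -z "$ver" ]; then
        echo check-vendor          # nothing that looks like a version
        return 0
    fi

    # Split major.minor.patch; a missing patch level counts as 0.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1 minor=$2 patch=${3:-0}

    # The alert names a fixed release only for the 1.6 and 1.5 branches.
    case "$major.$minor" in
        1.6) fixed_patch=2 ;;
        1.5) fixed_patch=4 ;;
        *)   echo check-vendor; return 0 ;;
    esac

    if [ "$patch" -ge "$fixed_patch" ]; then
        echo fixed
    else
        echo needs-update
    fi
}

# Report on the local install when krb5-config is available.
if command -v krb5-config >/dev/null 2>&1; then
    v=$(krb5-config --version 2>/dev/null) || v=unknown
    printf '%s: %s\n' "$v" "$(krb5_triage "$v")"
fi
```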


IV. References

     * US-CERT Vulnerability Note VU#365313 - <http://www.kb.cert.org/vuls/id/365313>

     * US-CERT Vulnerability Note VU#356961 - <http://www.kb.cert.org/vuls/id/356961>

     * US-CERT Vulnerability Note VU#554257 - <http://www.kb.cert.org/vuls/id/554257>

     * MIT krb5 Security Advisory 2007-004 -
       <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt>

     * MIT krb5 Security Advisory 2007-005 -
       <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-005.txt>

 

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-177A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@xxxxxxxx> with "TA07-177A Feedback VU#554257" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History

   June 26, 2007: Initial release
