
MIT Kerberos Updates for Multiple Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 20 Mar 2008

RISK: Medium Risk

Multiple vulnerabilities have been identified in Kerberos, which could be exploited by attackers to gain knowledge of sensitive information, cause a denial of service or take complete control of an affected system.

1. Errors in the KDC when handling krb4 messages could be exploited by an unauthenticated remote attacker to cause a krb4-enabled KDC to crash, disclose sensitive information, or execute arbitrary code.

2. An error in the KDC when handling incoming krb4 messages could be exploited by unauthenticated remote attackers to cause a krb4-enabled KDC to expose sensitive stack memory data (e.g. secret key data on certain platforms).

3. Memory corruption errors in the RPC library when multiple file descriptors are opened could result in database corruption or arbitrary code execution.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Kerberos 5 version 1.6.3 and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Apply patches:
http://web.mit.edu/kerberos/advisories/2008-001-patch.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2008-002.txt


Vulnerability Identifier


Source


Related Link