Novell Products Kerberos AES / RC4 Integer Underflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 19 Feb 2010

RISK: Medium Risk

Multiple vulnerabilities have been identified in Novell products, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by integer underflow errors in the Kerberos AES and RC4 decryption operations when processing an invalid ciphertext, which could be exploited by remote unauthenticated attackers to crash the KDC or execute arbitrary code.
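
The bug class described above, shown as an added illustration that is not Novell or Kerberos source code: a payload length derived by subtracting fixed overhead from an unsigned ciphertext length wraps around on short input unless the length is checked first. The 16-byte confounder, the 12-byte integrity tag and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, for illustration only:
 * ciphertext = confounder (16 bytes) || payload || integrity tag (12 bytes). */
#define CONFOUNDER_LEN ((size_t)16)
#define TAG_LEN        ((size_t)12)

/* Unchecked form: size_t is unsigned, so input shorter than the fixed
 * overhead wraps around to an enormous "payload length". */
size_t payload_len_unchecked(size_t ct_len)
{
    return ct_len - CONFOUNDER_LEN - TAG_LEN;
}

/* Checked form: reject short input before subtracting.
 * Returns 0 and sets *out_len on success, -1 on malformed input. */
int payload_len_checked(size_t ct_len, size_t *out_len)
{
    if (out_len == NULL || ct_len < CONFOUNDER_LEN + TAG_LEN)
        return -1;
    *out_len = ct_len - CONFOUNDER_LEN - TAG_LEN;
    return 0;
}

/* Copy the payload out of a decrypted buffer; refuses short input and
 * destinations too small for the validated length. */
int extract_payload(const uint8_t *buf, size_t buf_len,
                    uint8_t *dst, size_t dst_cap, size_t *dst_len)
{
    size_t n;
    if (buf == NULL || dst == NULL || dst_len == NULL) return -1;
    if (payload_len_checked(buf_len, &n) != 0 || n > dst_cap) return -1;
    memcpy(dst, buf + CONFOUNDER_LEN, n);
    *dst_len = n;
    return 0;
}

int main(void)
{
    uint8_t short_ct[10] = {0}, out[64];   /* constructed 10-byte input */
    size_t n = 0;
    printf("unchecked length: %zu\n", payload_len_unchecked(sizeof short_ct));
    printf("checked result:   %d\n",
           extract_payload(short_ct, sizeof short_ct, out, sizeof out, &n));
    return 0;
}
```

A wrapped length that later reaches a copy or allocation is what turns a malformed message into a crash or memory corruption, so the check belongs before any arithmetic on the attacker-supplied length.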


Impact

  • Remote Code Execution

System / Technologies affected

  • Novell Modular Authentication Service (NMAS) versions 3.x
  • Novell Kerberos KDC versions 1.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link