Skip to main content

SunSolaris and SEAM Kerberos Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 14 Apr 2009 5252 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Sun Solaris and SEAM (Sun Enterprise Authentication Mechanism), which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by errors in Kerberos.

1. A NULL pointer dereference error in the "spnego_gss_accept_sec_context()" [src/lib/gssapi/spnego/spnego_mech.c] function when processing a NegTokenInit token with invalid ContextFlags for the reqFlags field, which could allow attackers to crash an affected server, creating a denial of service condition.

2. An error in the "asn1_decode_generaltime()" function can be exploited to free an uninitialized pointer via an invalid DER encoding.

3. An error in the "get_input_token()" function in the implementation of the SPNEGO GSS-API mechanism, which could cause a GSS-API application or the Kerberos administration daemon (kadmind) to crash or disclose certain information by reading from invalid address space.

4. An error in the PK-INIT code where an incorrect length check is performed inside the ASN.1 decoder, which could be exploited by an unauthenticated remote attacker to cause a KDC or kinit program to crash.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Sun Enterprise Authentication Mechanism version 1.0.1
  • Sun Solaris 9
  • Sun Solaris 10
  • Sun OpenSolaris

Solutions

Note: There is no patch available for this vulnerability currently.

Workaround:

Disable Kerberos on affected systems. A final resolution is pending completion.


Vulnerability Identifier


Source


Related Link