Skip to main content

Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 14 Jan 2010 5486 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Kerberos, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by integer underflow errors in the AES and RC4 decryption operations when processing an invalid ciphertext, which could be exploited by remote unauthenticated attackers to crash KDC or execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • MIT Kerberos krb5-1.3 and later

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link