MIT Kerberos Key Distribution Center Heap Overflow Vulnerability

Last Update Date: 1 Aug 2012 11:27
Release Date: 1 Aug 2012

RISK: High Risk

TYPE: Servers - Other Servers

Two vulnerabilities have been identified in the Kerberos KDC, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system.

  1. By sending a specially crafted AS-REQ, an unauthenticated remote attacker can cause the KDC to abnormally terminate or to execute malicious code.
  2. By sending a malformed AS-REQ, an unauthenticated remote attacker can cause the KDC to abnormally terminate.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • The KDC in releases krb5-1.8 or later
  • The KDC in releases krb5-1.10 or later

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link