MIT Kerberos Key Distribution Center Heap Overflow Vulnerability
Last Update Date: 1 Aug 2012 11:27
Release Date: 1 Aug 2012
RISK: High Risk
TYPE: Servers - Other Servers
Two vulnerabilities have been identified in the Kerberos KDC, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system.
- By sending a specially crafted AS-REQ, an unauthenticated remote attacker can cause the KDC to abnormally terminate or to execute malicious code.
- By sending a malformed AS-REQ, an unauthenticated remote attacker can cause the KDC to abnormally terminate.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- The KDC in releases krb5-1.8 or later
- The KDC in releases krb5-1.10 or later
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Apply patch:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt
http://web.mit.edu/kerberos/advisories/2012-001-patch.txt