Novell Kerberos KDC Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Novell Kerberos KDC, which could be exploited by attackers to gain knowledge of sensitive information, cause a denial of service or take complete control of an affected system.
1. Errors in the KDC when handling krb4 messages could be exploited by an unauthenticated remote attacker to cause a krb4-enabled KDC to crash, disclose sensitive information, or execute arbitrary code.
2. An error in the KDC when handling incoming krb4 messages could be exploited by unauthenticated remote attackers to cause a krb4-enabled KDC to expose sensitive stack memory data (e.g. secret key data on certain platforms).
3. Memory corruption errors in the RPC library when multiple file descriptors are opened could result in database corruption or arbitrary code execution.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Novell Kerberos KDC 1.x
Solutions
Before installing the software, please visit the software manufacturer's web site for more details.
- Apply patches.
- x86 platform: http://download.novell.com/Download?buildid=yEhbIVtcB40~
- x86-64 platform: http://download.novell.com/Download?buildid=lEcyePhCocw~
Vulnerability Identifier
Source
Related Link
- http://www.frsirt.com/english/advisories/2008/1102
- http://www.frsirt.com/english/advisories/2008/0922
- http://secunia.com/advisories/29663/
- http://secunia.com/advisories/29428/
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html