
Novell Kerberos KDC Multiple Vulnerabilities

Last Update Date: 28 Jan 2011
Release Date: 17 Apr 2009

RISK: Medium Risk

Multiple vulnerabilities have been identified in Novell Kerberos KDC, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by errors in Kerberos.

1. A NULL pointer dereference error in the "spnego_gss_accept_sec_context()" [src/lib/gssapi/spnego/spnego_mech.c] function when processing a NegTokenInit token with invalid ContextFlags for the reqFlags field, which could allow attackers to crash an affected server, creating a denial of service condition.

2. An error in the "asn1_decode_generaltime()" function in the ASN.1 decoder, which frees an uninitialized pointer when decoding an invalid encoding. This could allow an unauthenticated remote attacker to crash the Kerberos administration daemon (kadmind) or the KDC, or to execute arbitrary code.

3. An error in the "get_input_token()" function in the implementation of the SPNEGO GSS-API mechanism, which could cause a GSS-API application or the Kerberos administration daemon (kadmind) to crash or disclose certain information by reading from invalid address space.

4. An error in the PK-INIT code where an incorrect length check is performed inside the ASN.1 decoder, which could be exploited by an unauthenticated remote attacker to cause a KDC or kinit program to crash.
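Item 2 describes a decoder error path that frees a pointer which was never initialized. The following added example is not code from Kerberos or from this advisory; it shows that bug class in a small time-string decoder next to a hardened form, and all function names and error codes in it are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names and error codes for this sketch; not krb5 identifiers. */
enum { DEC_OK = 0, DEC_BAD_LENGTH, DEC_BAD_FORMAT, DEC_NOMEM };
/* Copy the 15 content bytes ("YYYYMMDDHHMMSSZ") into a new C string.
 * On failure *out is left untouched, so the caller's pointer keeps its old value. */
static int copy_content(const unsigned char *in, size_t len, char **out)
{
    char *p;
    if (len != 15) return DEC_BAD_LENGTH;
    p = malloc(len + 1);
    if (p == NULL) return DEC_NOMEM;
    memcpy(p, in, len);
    p[len] = '\0';
    *out = p;
    return DEC_OK;
}

#ifdef SHOW_UNSAFE_PATTERN
/* Bug class from item 2: if copy_content() fails, `s` is indeterminate, yet it is freed. */
int decode_time_unsafe(const unsigned char *in, size_t len, char **val)
{
    char *s;
    int ret = copy_content(in, len, &s);
    if (ret != DEC_OK || s[14] != 'Z') { free(s); return DEC_BAD_FORMAT; }
    *val = s;
    return DEC_OK;
}
#endif

/* Hardened form: pointer starts NULL, one cleanup path, output set only on success. */
int decode_time_safe(const unsigned char *in, size_t len, char **val)
{
    char *s = NULL;
    int ret, i;
    *val = NULL;
    ret = copy_content(in, len, &s);
    if (ret != DEC_OK) goto cleanup;
    for (i = 0; i < 14; i++)
        if (!isdigit((unsigned char)s[i])) { ret = DEC_BAD_FORMAT; goto cleanup; }
    if (s[14] != 'Z') { ret = DEC_BAD_FORMAT; goto cleanup; }
    *val = s;
    s = NULL;      /* ownership moved to the caller */
cleanup:
    free(s);       /* free(NULL) is a no-op, so every exit is safe */
    return ret;
}
```

The unsafe variant is compiled only when `SHOW_UNSAFE_PATTERN` is defined; building it under AddressSanitizer or Valgrind and feeding it a wrong-length input makes the invalid free visible.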


System / Technologies affected

  • Novell Kerberos KDC 1.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link