Skip to main content

Novell Products Kerberos AES / RC4 Integer Underflow Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 19 Feb 2010 5424 Views

RISK: Medium Risk

Multiple vulnerabilitieshave been identified in Novell products, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by errors in Kerberos. These issues are caused by integer underflow errors in the AES and RC4 decryption operations when processing an invalid ciphertext, which could be exploited by remote unauthenticated attackers to crash KDC or execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • Novell Modular Authentication Service (NMAS) versions 3.x
  • Novell Kerberos KDC versions 1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link