Sun Solaris and SEAM Kerberos Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Sun Solaris and SEAM (Sun Enterprise Authentication Mechanism), which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by errors in Kerberos.
1. A NULL pointer dereference error in the "spnego_gss_accept_sec_context()" [src/lib/gssapi/spnego/spnego_mech.c] function when processing a NegTokenInit token with invalid ContextFlags for the reqFlags field, which could allow attackers to crash an affected server, creating a denial of service condition.
2. An error in the "asn1_decode_generaltime()" function can be exploited to free an uninitialized pointer via an invalid DER encoding.
3. An error in the "get_input_token()" function in the implementation of the SPNEGO GSS-API mechanism, which could cause a GSS-API application or the Kerberos administration daemon (kadmind) to crash or disclose certain information by reading from invalid address space.
4. An error in the PK-INIT code where an incorrect length check is performed inside the ASN.1 decoder, which could be exploited by an unauthenticated remote attacker to cause a KDC or kinit program to crash.
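Items 2 and 4 describe two decoder bug classes: an output pointer freed without ever being set, and a length that is not checked correctly against the input. The C sketch below is an added illustration, not the Kerberos or Solaris source; decode_generaltime(), decode_and_cleanup() and the sample byte strings are hypothetical names and constructed data. It shows a DER GeneralizedTime decoder that sets its output to NULL before any early return and checks the declared length against the bytes actually present.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define DER_TAG_GENERALIZEDTIME 0x18
#define GENTIME_LEN 15 /* "YYYYMMDDHHMMSSZ" */

/* Constructed sample inputs (not captured traffic). */
static const unsigned char good_sample[] = "\x18\x0f" "20090407120000Z";
static const unsigned char truncated_sample[] = "\x18\x0f" "2009";
static const unsigned char wrong_tag_sample[] = "\x17\x0f" "20090407120000Z";

/* Hypothetical decoder: returns 0 on success, -1 on malformed input.
 * On every error path *out is NULL, so the caller's free(*out) is safe. */
int decode_generaltime(const unsigned char *buf, size_t len, char **out)
{
    size_t i;

    if (out == NULL)
        return -1;
    *out = NULL;                       /* initialize before any early return */
    if (buf == NULL || len < 2)        /* need the tag and length octets */
        return -1;
    if (buf[0] != DER_TAG_GENERALIZEDTIME || buf[1] != GENTIME_LEN)
        return -1;                     /* also rejects long-form lengths */
    if (len - 2 < GENTIME_LEN)         /* declared length must fit the input */
        return -1;
    for (i = 0; i < GENTIME_LEN - 1; i++)
        if (!isdigit(buf[2 + i]))
            return -1;
    if (buf[2 + GENTIME_LEN - 1] != 'Z')
        return -1;

    *out = malloc(GENTIME_LEN + 1);
    if (*out == NULL)
        return -1;
    memcpy(*out, buf + 2, GENTIME_LEN);
    (*out)[GENTIME_LEN] = '\0';
    return 0;
}

/* Caller pattern: the local pointer is not pre-set, so the unconditional
 * cleanup relies on the decoder having written NULL or a valid allocation. */
int decode_and_cleanup(const unsigned char *buf, size_t len)
{
    char *t;
    int rc = decode_generaltime(buf, len, &t);
    free(t);
    return rc;
}
```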
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Sun Enterprise Authentication Mechanism version 1.0.1
- Sun Solaris 9
- Sun Solaris 10
- Sun OpenSolaris
Solutions
Note: There is no patch available for this vulnerability currently.
Workaround:
Disable Kerberos on affected systems. A final resolution is pending completion.
Vulnerability Identifier
Source
Related Link