Vulnerability Note VU#442569
MIT Kerberos vulnerable to ticket splicing when using Kerberos4 triple DES service tickets
Several cryptographic vulnerabilities exist in the basic Kerberos version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm.
The MIT Kerberos Development team has discovered a serious cryptographic flaw in the Kerberos version 4 protocol. This flaw could allow an attacker to compromise the entire affected Kerberos realm. Beyond the vulnerability described in VU#623217, a further vulnerability was discovered in the MIT Kerberos implementation of triple-DES encryption of service tickets.
From the MIT advisory:
In addition to the impacts described for VU#623217, an attacker may impersonate any principal to a service keyed with triple-DES Kerberos version 4 keys, given the ability to capture network traffic containing tickets for the target client principal.
Apply a patch from the vendor
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Conectiva | Affected | 05 Mar 2003 | 09 May 2003 |
| Debian | Affected | 05 Mar 2003 | 31 Mar 2003 |
| Gentoo Linux | Affected | - | 31 Mar 2003 |
| MandrakeSoft | Affected | 05 Mar 2003 | 01 Apr 2003 |
| Red Hat Inc. | Affected | 05 Mar 2003 | 02 Apr 2003 |
| Wirex | Affected | 05 Mar 2003 | 09 Apr 2003 |
| Hitachi | Not Affected | 05 Mar 2003 | 04 Apr 2003 |
| Ingrian Networks | Not Affected | 05 Mar 2003 | 17 Mar 2003 |
| Juniper Networks | Not Affected | 05 Mar 2003 | 17 Mar 2003 |
| Lotus Software | Not Affected | - | 10 Mar 2003 |
| Microsoft Corporation | Not Affected | 05 Mar 2003 | 20 Mar 2003 |
| Xerox | Not Affected | 05 Mar 2003 | 09 May 2003 |
| 3Com | Unknown | 05 Mar 2003 | 10 Mar 2003 |
| Apple Computer Inc. | Unknown | 05 Mar 2003 | 17 Mar 2003 |
| AT&T | Unknown | 05 Mar 2003 | 10 Mar 2003 |
The CERT/CC thanks Sam Hartman, Ken Raeburn, and Tom Yu of the Kerberos group at MIT for their detailed analysis and report of this vulnerability.
This document was written by Chad R Dougherty.
- CVE IDs: CAN-2003-0139
- Date Public: 15 Mar 2003
- Date First Published: 20 Mar 2003
- Date Last Updated: 09 May 2003
- Severity Metric: 8.91
- Document Revision: 11