Vulnerability Note VU#481564
Kerberos administration daemon fails to properly initialize function pointers
Overview
The Kerberos administration daemon fails to properly initialize pointers. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.
I. Description
A vulnerability exists in the way the Kerberos administration daemon handles pointers that may allow a remote, unauthenticated user to execute arbitrary code. According to MIT krb5 Security Advisory 2006-002:
The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library.
Note that krb5-1.4 through krb5-1.4.4, and krb5-1.5 through krb5-1.5.1 are affected by this vulnerability. Other server applications that utilize the RPC library provided with MIT krb5 may also be affected.
This vulnerability can be triggered by sending a specially crafted Kerberos packet to a vulnerable system.
II. Impact
A remote, unauthenticated user may be able to execute arbitrary code resulting in the compromise of the Kerberos key database or cause a denial of service.
III. Solution
Apply Patch
A patch can be obtained from MIT krb5 Security Advisory 2006-002. MIT also states that this will be addressed in the upcoming krb5-1.6 release and krb5-1.5.2 patch release.
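
To find hosts that need the patch, the affected ranges stated above (krb5-1.4 through krb5-1.4.4, and krb5-1.5 through krb5-1.5.1) can be checked against an inventory of reported version strings. The following is an added example, not part of the original note or of MIT's advisory; the host names and inventory are constructed, and it assumes each string carries the upstream release number.

```python
import re

# Affected upstream release ranges as stated in this note (inclusive).
AFFECTED_RANGES = [
    ((1, 4, 0), (1, 4, 4)),  # krb5-1.4 through krb5-1.4.4
    ((1, 5, 0), (1, 5, 1)),  # krb5-1.5 through krb5-1.5.1
]

def parse_krb5_version(text):
    """Extract (major, minor, patch) from strings such as 'krb5-1.4.3'
    or 'Kerberos 5 release 1.5'. A missing patch level counts as 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def classify(text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    version = parse_krb5_version(text)
    if version is None:
        return "unknown"  # cannot decide: needs manual review
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    return "not-listed"  # outside the ranges this note names

def triage(inventory):
    """Group hosts by status. Vendor packages may carry a fix without
    changing the upstream number, so confirm 'affected' hosts against
    the vendor's own status before concluding."""
    report = {"affected": [], "unknown": [], "not-listed": []}
    for host, reported in sorted(inventory.items()):
        report[classify(reported)].append(host)
    return report

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "kdc1.example.test": "Kerberos 5 release 1.4.4",
    "kdc2.example.test": "krb5-1.5.2",
    "admin.example.test": "Kerberos 5 release 1.5",
    "legacy.example.test": "krb5-1.3.6",
    "lab.example.test": "version string unavailable",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```
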
Systems Affected
| Vendor | Status | Date Updated |
| 3com, Inc. | Unknown | 4-Jan-2007 |
| Alcatel | Unknown | 4-Jan-2007 |
| Apple Computer, Inc. | Unknown | 4-Jan-2007 |
| AttachmateWRQ, Inc. | Not Vulnerable | 7-Feb-2007 |
| AT&T | Unknown | 4-Jan-2007 |
| Avaya, Inc. | Unknown | 4-Jan-2007 |
| Avici Systems, Inc. | Unknown | 4-Jan-2007 |
| Borderware Technologies | Unknown | 4-Jan-2007 |
| Charlotte's Web Networks | Unknown | 4-Jan-2007 |
| Check Point Software Technologies | Unknown | 4-Jan-2007 |
| Chiaro Networks, Inc. | Unknown | 4-Jan-2007 |
| Cisco Systems, Inc. | Unknown | 4-Jan-2007 |
| Clavister | Unknown | 4-Jan-2007 |
| Computer Associates | Unknown | 4-Jan-2007 |
| Conectiva Inc. | Unknown | 4-Jan-2007 |
| Cray Inc. | Unknown | 4-Jan-2007 |
| CyberSafe, Inc. | Not Vulnerable | 5-Jan-2007 |
| D-Link Systems, Inc. | Unknown | 4-Jan-2007 |
| Data Connection, Ltd. | Unknown | 4-Jan-2007 |
| Debian GNU/Linux | Vulnerable | 19-Jan-2007 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 4-Jan-2007 |
| Engarde Secure Linux | Unknown | 4-Jan-2007 |
| Ericsson | Unknown | 4-Jan-2007 |
| eSoft, Inc. | Unknown | 4-Jan-2007 |
| Extreme Networks | Unknown | 4-Jan-2007 |
| F5 Networks, Inc. | Unknown | 4-Jan-2007 |
| Fedora Project | Vulnerable | 11-Jan-2007 |
| Force10 Networks, Inc. | Not Vulnerable | 10-May-2007 |
| Fortinet, Inc. | Unknown | 4-Jan-2007 |
| Foundry Networks, Inc. | Unknown | 4-Jan-2007 |
| FreeBSD, Inc. | Unknown | 4-Jan-2007 |
| Fujitsu | Unknown | 4-Jan-2007 |
| Gentoo Linux | Vulnerable | 7-Feb-2007 |
| Global Technology Associates | Unknown | 4-Jan-2007 |
| Heimdal Kerberos Project | Unknown | 4-Jan-2007 |
| Hewlett-Packard Company | Unknown | 4-Jan-2007 |
| Hitachi | Not Vulnerable | 16-Jan-2007 |
| Hyperchip | Not Vulnerable | 16-Jan-2007 |
| IBM Corporation | Not Vulnerable | 5-Jan-2007 |
| IBM Corporation (zseries) | Unknown | 4-Jan-2007 |
| IBM eServer | Unknown | 4-Jan-2007 |
| Immunix Communications, Inc. | Unknown | 4-Jan-2007 |
| Ingrian Networks, Inc. | Unknown | 4-Jan-2007 |
| Intel Corporation | Unknown | 4-Jan-2007 |
| Internet Security Systems, Inc. | Unknown | 4-Jan-2007 |
| Intoto | Not Vulnerable | 16-Jan-2007 |
| IP Filter | Unknown | 4-Jan-2007 |
| Juniper Networks, Inc. | Not Vulnerable | 5-Jan-2007 |
| KTH Kerberos Team | Unknown | 4-Jan-2007 |
| Linksys (A division of Cisco Systems) | Unknown | 4-Jan-2007 |
| Lucent Technologies | Unknown | 4-Jan-2007 |
| Luminous Networks | Unknown | 4-Jan-2007 |
| Mandriva, Inc. | Vulnerable | 11-Jan-2007 |
| Microsoft Corporation | Not Vulnerable | 5-Jan-2007 |
| MIT Kerberos Development Team | Vulnerable | 9-Jan-2007 |
| MontaVista Software, Inc. | Unknown | 4-Jan-2007 |
| Multinet (owned Process Software Corporation) | Unknown | 4-Jan-2007 |
| Multitech, Inc. | Unknown | 4-Jan-2007 |
| NEC Corporation | Unknown | 4-Jan-2007 |
| NetBSD | Unknown | 4-Jan-2007 |
| netfilter | Unknown | 4-Jan-2007 |
| Network Appliance, Inc. | Not Vulnerable | 8-Jan-2007 |
| NextHop Technologies, Inc. | Unknown | 4-Jan-2007 |
| Nokia | Unknown | 4-Jan-2007 |
| Nortel Networks, Inc. | Unknown | 4-Jan-2007 |
| Novell, Inc. | Unknown | 4-Jan-2007 |
| OpenBSD | Unknown | 4-Jan-2007 |
| OpenPKG | Vulnerable | 11-Jan-2007 |
| Openwall GNU/*/Linux | Unknown | 4-Jan-2007 |
| QNX, Software Systems, Inc. | Unknown | 4-Jan-2007 |
| Red Hat, Inc. | Not Vulnerable | 5-Jan-2007 |
| Redback Networks, Inc. | Unknown | 4-Jan-2007 |
| Riverstone Networks, Inc. | Unknown | 4-Jan-2007 |
| rPath | Vulnerable | 12-Jan-2007 |
| Secure Computing Network Security Division | Unknown | 4-Jan-2007 |
| Secureworx, Inc. | Unknown | 4-Jan-2007 |
| Silicon Graphics, Inc. | Unknown | 4-Jan-2007 |
| Slackware Linux Inc. | Vulnerable | 19-Jan-2007 |
| Sony Corporation | Unknown | 4-Jan-2007 |
| Stonesoft | Unknown | 4-Jan-2007 |
| Sun Microsystems, Inc. | Not Vulnerable | 9-Jan-2007 |
| SUSE Linux | Vulnerable | 11-Jan-2007 |
| Symantec, Inc. | Unknown | 4-Jan-2007 |
| The SCO Group | Unknown | 4-Jan-2007 |
| Trustix Secure Linux | Vulnerable | 19-Jan-2007 |
| Turbolinux | Unknown | 4-Jan-2007 |
| Ubuntu | Vulnerable | 16-Jan-2007 |
| Unisys | Unknown | 4-Jan-2007 |
| Watchguard Technologies, Inc. | Unknown | 4-Jan-2007 |
| Wind River Systems, Inc. | Unknown | 4-Jan-2007 |
| ZyXEL | Unknown | 4-Jan-2007 |
References
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
http://securitytracker.com/alerts/2007/Jan/1017493.html
http://secunia.com/advisories/23772/
http://secunia.com/advisories/23706/
http://secunia.com/advisories/23707/
http://secunia.com/advisories/23701/
http://secunia.com/advisories/23696/
http://secunia.com/advisories/23667/
http://www.securityfocus.com/bid/21970
http://secunia.com/advisories/23903/
http://secunia.com/advisories/24966/
http://docs.info.apple.com/article.html?artnum=305391
Credit
This issue is addressed in MIT krb5 Security Advisory 2006-002. MIT credits Andrew Korty from Indiana University for reporting this issue.
This document was written by Chris Taschner.
Other Information
| Date Public | 01/09/2007 |
| Date First Published | 01/09/2007 03:28:50 PM |
| Date Last Updated | 05/10/2007 |
| CERT Advisory | |
| CVE Name | CVE-2006-6143 |
| US-CERT Technical Alerts | |
| Metric | 20.92 |
| Document Revision | 55 |