SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#661243

MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference

Overview

A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm.

I. Description

The MIT Kerberos V5 Key Distribution Center (KDC) contains a vulnerability that allows certain protocol requests to crash the KDC by triggering a null pointer dereference. Requests of this form are compliant with the Kerberos protocol, but unlikely to occur in properly configured clients. When this type of crash occurs, the client will attempt to contact other KDCs in the same realm, causing them to crash as well.

This vulnerability is believed to be limited TGS-REQ exchanges, which require the client to be authenticated. Therefore, to exploit this vulnerability, attackers must authenticate using a valid user name and password.

II. Impact

Authenticated attackers can crash one or more KDCs in a given realm.

III. Solution

This vulnerability was addressed in MIT Kerberos V5 1.2.5, released on April 30, 2002. MIT krb5 Security Advisory 2003-001 provides additional information from MIT and is available at:


For information regarding other vendors who may be affected, please see the vendor section of this document.

Systems Affected
VendorStatusDate NotifiedDate Updated
KTH KerberosUnknown29-Jan-2003
MandrakeSoftVulnerable4-Apr-2003
Microsoft CorporationNot Vulnerable31-Jan-2003
MIT Kerberos Development TeamVulnerable30-Jan-2003
Red Hat Inc.Vulnerable27-Mar-2003

References


http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
http://www.ietf.org/rfc/rfc1510.txt

Credit

The CERT/CC thanks Greg Pryzby for discovering this vulnerability and Ken Raeburn of MIT for bringing it to our attention.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public:2002-09-16
Date First Published:2003-01-31
Date Last Updated:2003-04-04
CERT Advisory: 
CVE-ID(s):CAN-2003-0058
NVD-ID(s):CAN-2003-0058
US-CERT Technical Alerts: 
Metric:1.23
Document Revision:30

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader