Vulnerability Note VU#661243
MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference
Overview
A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm.
Description
The MIT Kerberos V5 Key Distribution Center (KDC) contains a vulnerability that allows certain protocol requests to crash the KDC by triggering a null pointer dereference. Requests of this form are compliant with the Kerberos protocol, but are unlikely to be sent by properly configured clients. When this type of crash occurs, the client will attempt to contact other KDCs in the same realm, causing them to crash as well. This vulnerability is believed to be limited to TGS-REQ exchanges, which require the client to be authenticated. Therefore, to exploit this vulnerability, attackers must authenticate using a valid user name and password.
Impact
Authenticated attackers can crash one or more KDCs in a given realm.
Solution
This vulnerability was addressed in MIT Kerberos V5 1.2.5, released on April 30, 2002. MIT krb5 Security Advisory 2003-001 provides additional information from MIT and is available at the URL listed under References. For information regarding other vendors who may be affected, please see the vendor section of this document.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| MandrakeSoft | Affected | 03 Apr 2003 | 04 Apr 2003 |
| MIT Kerberos Development Team | Affected | 20 May 2002 | 30 Jan 2003 |
| Red Hat Inc. | Affected | 26 Mar 2003 | 27 Mar 2003 |
| Microsoft Corporation | Not Affected | 26 Jul 2002 | 31 Jan 2003 |
| KTH Kerberos | Unknown | 26 Jul 2002 | 29 Jan 2003 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
- http://www.ietf.org/rfc/rfc1510.txt
Credit
The CERT/CC thanks Greg Pryzby for discovering this vulnerability and Ken Raeburn of MIT for bringing it to our attention.
This document was written by Jeffrey P. Lanza.
Other Information
- CVE IDs: CAN-2003-0058
- Date Public: 16 Sep 2002
- Date First Published: 31 Jan 2003
- Date Last Updated: 04 Apr 2003
- Severity Metric: 1.23
- Document Revision: 30