Vulnerability Note VU#661243

MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference

Original Release date: 31 Jan 2003 | Last revised: 04 Apr 2003

Overview

A vulnerability exists in the MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm.

Description

The MIT Kerberos V5 Key Distribution Center (KDC) contains a vulnerability that allows certain protocol requests to crash the KDC by triggering a null pointer dereference. Requests of this form are compliant with the Kerberos protocol, but unlikely to occur in properly configured clients. When this type of crash occurs, the client will attempt to contact other KDCs in the same realm, causing them to crash as well.

This vulnerability is believed to be limited to TGS-REQ exchanges, which require the client to be authenticated. Therefore, to exploit this vulnerability, attackers must authenticate using a valid user name and password.

Impact

Authenticated attackers can crash one or more KDCs in a given realm.

Solution

This vulnerability was addressed in MIT Kerberos V5 1.2.5, released on April 30, 2002. MIT krb5 Security Advisory 2003-001 provides additional information from MIT and is available at:


For information regarding other vendors who may be affected, please see the vendor section of this document.

Systems Affected

Vendor                          Status        Date Notified  Date Updated
MandrakeSoft                    Affected      03 Apr 2003    04 Apr 2003
MIT Kerberos Development Team   Affected      20 May 2002    30 Jan 2003
Red Hat Inc.                    Affected      26 Mar 2003    27 Mar 2003
Microsoft Corporation           Not Affected  26 Jul 2002    31 Jan 2003
KTH Kerberos                    Unknown       26 Jul 2002    29 Jan 2003

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

References

Credit

The CERT/CC thanks Greg Pryzby for discovering this vulnerability and Ken Raeburn of MIT for bringing it to our attention.

This document was written by Jeffrey P. Lanza.

Other Information

  • CVE IDs: CAN-2003-0058
  • Date Public: 16 Sep 2002
  • Date First Published: 31 Jan 2003
  • Date Last Updated: 04 Apr 2003
  • Severity Metric: 1.23
  • Document Revision: 30

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.