MIT Kerberos Development Team Information for VU#516825

Integer overflow in Sun RPC XDR library routines

Status

Affected

Vendor Statement

It may be possible for a remote attacker to exploit an integer
overflow in xdrmem_getbytes() to crash the kadmind server process by a
read segmentation fault.  For this to succeed, the kadmind process
must be able to allocate more than MAX_INT bytes of memory.  This is
believed to be unlikely, as most installations are not likely to
permit the allocation of that much memory.

It may also be possible for a remote attacker to exploit this integer
overflow to obtain sensitive information, such as secret keys, from
the kadmind process.  This is believed to be extremely unlikely, as
there are unlikely to be ways for the information, once improperly
copied, to be returned to the attacker.  In addition, the above
condition of the kadmind being able to allocate huge amounts of memory
must be satisfied.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The MIT Kerberos development team has released MIT krb5 Security Advisory 2003-003 describing this issue. Users are encouraged to review this document and apply the patches it refers to.
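
An added illustration, not code from MIT krb5, Sun RPC, or the advisory: a simplified C model of a signed "subtract, then test the sign" length check beside a hardened form. The struct, function names and sample buffer are hypothetical; in this model only length values above INT32_MAX pass the weak check, which is consistent with the vendor statement's condition about allocating more than MAX_INT bytes.

```c
/* Added illustration: a simplified model, not MIT krb5 or Sun RPC source. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical decode stream over a received buffer. */
struct mem_stream {
    const uint8_t *cur;   /* next unread byte */
    uint32_t remaining;   /* bytes left, kept unsigned in the hardened form */
};

/* Weak pattern: subtract the requested length from a signed remaining
 * count, then test the sign. Modelled with unsigned arithmetic so the
 * wraparound is well defined here. Returns true if the copy would be
 * admitted; no copy is performed. */
bool weak_check_admits(int32_t remaining, uint32_t len)
{
    uint32_t after = (uint32_t)remaining - len;  /* wraps modulo 2^32 */
    return after <= (uint32_t)INT32_MAX;         /* "result >= 0" as signed */
}

/* Hardened pattern: compare before subtracting, all unsigned, and also
 * bound the copy by the destination capacity. */
bool safe_getbytes(struct mem_stream *s, void *dst, size_t dst_cap, uint32_t len)
{
    if (len > s->remaining || len > dst_cap)
        return false;
    memcpy(dst, s->cur, len);
    s->cur += len;
    s->remaining -= len;
    return true;
}

int main(void)
{
    static const uint8_t msg[16] = "constructed-msg"; /* constructed sample input */
    struct mem_stream s = { msg, sizeof msg };
    uint8_t out[16];
    uint32_t huge = 0xFFFFFFF0u;  /* length field larger than INT32_MAX */
    printf("weak, len=8:    %d\n", weak_check_admits(16, 8));
    printf("weak, len=32:   %d\n", weak_check_admits(16, 32));
    printf("weak, len=huge: %d\n", weak_check_admits(16, huge));
    printf("safe, len=huge: %d\n", safe_getbytes(&s, out, sizeof out, huge));
    printf("safe, len=8:    %d\n", safe_getbytes(&s, out, sizeof out, 8));
    return 0;
}
```

With 16 bytes remaining, the weak check rejects every oversized length up to 0x80000010 and admits those from 0x80000011 upward; the hardened check rejects all of them.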

If you have feedback, comments, or additional information about this vulnerability, please send us email.