A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm.
The MIT Kerberos V5 Key Distribution Center (KDC) contains a vulnerability that allows certain protocol requests to crash the KDC by triggering a null pointer dereference. Requests of this form are compliant with the Kerberos protocol, but unlikely to occur in properly configured clients. When this type of crash occurs, the client will attempt to contact other KDCs in the same realm, causing them to crash as well.
This vulnerability is believed to be limited to TGS-REQ exchanges, which require the client to be authenticated. Therefore, to exploit this vulnerability, attackers must authenticate using a valid user name and password.
Authenticated attackers can crash one or more KDCs in a given realm.
This vulnerability was addressed in MIT Kerberos V5 1.2.5, released on April 30, 2002. MIT krb5 Security Advisory 2003-001 provides additional information from MIT and is available at:
The CERT/CC thanks Greg Pryzby for discovering this vulnerability and Ken Raeburn of MIT for bringing it to our attention.
This document was written by Jeffrey P. Lanza.
Date First Published: 2002-09-16
Date Last Updated: 2003-04-04 20:03 UTC