Microsoft Information for VU#759265
Kerberos client code buffer overflow in kdc_reply_cipher()
- Vendor Information Help Date Notified: 11 Dec 2000
- Statement Date:
- Date Updated: 14 Dec 2000
Windows 2000 does not support Kerb IV. W2K has completely different implementation of the protocol and is not vulnerable to the specific buffer overflow condition using memcpy identified by VU#759265. (Note that buffer overrun as a general implementation problem is one we are continuously on guard against through our buffer overrun examination tools, internal code reviews, and in the case of kerberos implementation, an external security code review).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.