Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: June 09, 2005
Not Affected
Check Point products are not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: June 06, 2005
Not Affected
F5 products do not include a KDC. No F5 products are vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: June 06, 2005 Updated: June 07, 2005
Not Affected
Force10 does not implement Kerberos in its products, so we do not need to be listed as a vendor in the vulnerability note.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: May 10, 2005 Updated: July 12, 2005
Not Affected
NOT VULNERABLE Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Not Affected
Juniper Networks' products do not employ Kerberos in any configuration. Juniper's products are not subject to exploitation via the vulnerability in the MIT krb5 software described in VU#623332.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: June 06, 2005
Not Affected
At this point, we have determined that there are no Microsoft products affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: July 12, 2005
Affected
-----BEGIN PGP SIGNED MESSAGE----- MIT krb5 Security Advisory 2005-003 Original release: 2005-07-12 Topic: double-free in krb5_recvauth Severity: CRITICAL SUMMARY The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code. Exploitation of this vulnerability on a Kerberos Key Distribution Center (KDC) host can result in compromise of an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of double-free vulnerabilities is believed to be difficult. [CAN-2005-1689, VU#623332] IMPACT An unauthenticated attacker may be able to execute arbitrary code in the context of a program calling krb5_recvauth(). This includes the kpropd program which typically runs on slave Key Distribution Center (KDC) hosts, potentially leading to compromise of an entire Kerberos realm. Other vulnerable programs which call krb5_recvauth() are usually remote login programs running with root privileges. Unsuccessful attempts at exploitation may result in denial of service by crashing the target program. AFFECTED SOFTWARE * The kpropd daemon in all releases of MIT krb5, up to and including krb5-1.4.1, is vulnerable. * The klogind and krshd remote-login daemons in all releases of MIT krb5, up to and including krb5-1.4.1, is vulnerable. * Third-party application programs which call krb5-recvauth() are also vulnerable. FIXES * The upcoming krb5-1.4.2 release will have a fix for this vulnerability. * Apply the following patch. This patch was generated against the krb5-1.4.1 release. It may apply, with some offset, to earlier releases. The patch may also be found at: http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt The associated detached PGP signature is at: http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt.asc Index: lib/krb5/krb/recvauth.c RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/recvauth.c,v retrieving revision 5.38 diff -c -r5.38 recvauth.c *** lib/krb5/krb/recvauth.c 3 Sep 2002 01:13:47 -0000 5.38 - --- lib/krb5/krb/recvauth.c 23 May 2005 23:19:15 -0000 *** 76,82 **** if ((retval = krb5_read_message(context, fd, &inbuf))) return(retval); if (strcmp(inbuf.data, sendauth_version)) { - - krb5_xfree(inbuf.data); problem = KRB5_SENDAUTH_BADAUTHVERS; krb5_xfree(inbuf.data); - --- 76,81 ---- *** 90,96 **** if ((retval = krb5_read_message(context, fd, &inbuf))) return(retval); if (appl_version && strcmp(inbuf.data, appl_version)) { - - krb5_xfree(inbuf.data); if (!problem) problem = KRB5_SENDAUTH_BADAPPLVERS; - --- 89,94 ---- REFERENCES This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVE: CAN-2005-1689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689 CERT: VU#623332 http://www.kb.cert.org/vuls/id/623332 ACKNOWLEDGMENTS Thanks to Magnus Hagander for reporting this vulnerability. DETAILS The helper function revcauth_common() in lib/krb5/krb/recvauth.c has two locations which call krb5_read_message(), followed by an unconditional krb5_xfree() of the buffer allocated by krb5_read_message(). In the cases where the sendauth version string or the application version string do not match the expected value, recvauth_common() performs a krb5_xfree() on the buffer allocated by krb5_read_message() preceding the subsequent unconditional call to krb5_xfree() on the same buffer. Since the code paths which call krb5_xfree() twice do so with almost no intervening code, exploitation of this vulnerability may be more difficult than exploitation of other double-free vulnerabilities. No detailed analysis has been performed on the ease of exploitation. REVISION HISTORY 2005-05-12 original release Copyright (C) 2005 Massachusetts Institute of Technology -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (SunOS) iQCVAwUBQtMbD6bDgE/zdoE9AQGmhQP+MYnmuw4+J3yIcQbS3chjZXVLHebTJJtN jM5+cMBDQfYdpuoQER1Bbaf+7Ky1BoyX2zHfANzdDAiSFRykbFqEqgvdw9jqEFmx ela1UtOhV5H80BZAzmGV+dVIqGPpWH0f4ArRe18Pbz2wZE0Vadq9VkBTJwHI23En K3a9oiHA/XM= =ZS63 -----END PGP SIGNATURE-----
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: June 09, 2005
Not Affected
netfilter/iptables does not implement kerberos and is therefore not affected.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Affected
Red Hat, Inc This issue affects the Kerberos packages shipped with Red Hat Enterprise Linux. For Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux 3 this issue is critical severity. Please see our advisory for more information: https://rhn.redhat.com/errata/RHSA-2005-562.html Red Hat Enterprise Linux 4 contains checks within glibc that detect double-free flaws. Therefore on Red Hat Enterprise Linux 4 successful exploitation of this issue can only lead to a denial of service (KDC crash) which is important severity. Please see our advisory for more information: https://rhn.redhat.com/errata/RHSA-2005-567.html
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 13, 2005
Affected
Sun is affected by the Kerberos vulnerability described in MIT Advisory MITKRB5-SA-2005-003 and CERT VU#623332. Sun has published Sun Alert 101810 which is available here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1 for this issue. The Sun Alert is currently unresolved but will be updated once either IDRs or T-patches are available on SunSolve. The Sun Alert will ultimately be updated with the released patch information for the final resolution.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: July 12, 2005
Not Affected
WatchGuard believes that it is not affected by this vulnerability. If you have further questions about this or any other security concern with WatchGuard products, please contact: Steve Fallin Director, Rapid Response Team WatchGuard Technologies http://www.watchguard.com steve.fallin@watchguard.com +1.206.521.8340
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
Notified: June 06, 2005 Updated: August 08, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.