Highly critical patches released for Kerberos 5: multiple vulnerabilities

By Janine de Blois

March 21, 2008

The Kerberos project credits Jeff Altman of Secure Endpoints and the Red Hat Security Response Team with discovering critical vulnerabilities in several versions of Kerberos 5. The bugs can cause a denial of service (DoS) or otherwise compromise vulnerable systems.

The first problem is in the Key Distribution Center (KDC): incoming krb4 requests can be exploited to crash an affected server, with the potential for executing arbitrary code or disclosing sensitive memory. A second error exists in the KDC when it sends responses to krb4 requests; this can be exploited to disclose potentially sensitive stack memory if krb4 is enabled (newer versions have krb4 disabled by default). The third concern is two errors in the Kerberos RPC library; exploiting either of them requires the operating system to allow a large number of open file descriptors. The result can be memory corruption or the execution of arbitrary code.

The first two problems are reported in Kerberos 5 versions 1.6.3 and prior. The third problem is reported in versions 1.2.2 through 1.3, and versions 1.4 through 1.6.3.
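The version ranges and the krb4 default mentioned above can be turned into a quick local triage check. The following Python is an added example, not code from the article or from the Kerberos project; it assumes that MIT krb5's kdc.conf carries a `v4_mode` key under `[kdcdefaults]` (values none, disable, full or nopreauth), reads the article's "1.3" as the whole 1.3.x series, and uses a constructed sample kdc.conf.

```python
import re
from typing import Optional

# Inclusive version ranges named in the article. "1.3" is read here as the
# whole 1.3.x series (an assumption), hence the large sentinel patch level.
SERIES_END = 10**6
AFFECTED = {
    "KDC crash/code execution/memory disclosure via krb4 requests":
        [((0, 0, 0), (1, 6, 3))],
    "KDC stack-memory disclosure in krb4 responses":
        [((0, 0, 0), (1, 6, 3))],
    "RPC library errors (requires a large open-file-descriptor limit)":
        [((1, 2, 2), (1, 3, SERIES_END)), ((1, 4, 0), (1, 6, 3))],
}
KRB4_ISSUES = {name for name in AFFECTED if "krb4" in name}


def parse_version(text: str) -> tuple:
    """Extract major.minor[.patch] from strings such as '1.6.3' or 'krb5-1.6'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def affected_issues(version: str) -> list:
    """Return the article's issues whose version ranges cover `version`."""
    v = parse_version(version)
    return [name for name, ranges in AFFECTED.items()
            if any(lo <= v <= hi for lo, hi in ranges)]


def krb4_enabled(kdc_conf: str) -> Optional[bool]:
    """Read the [kdcdefaults] v4_mode setting from kdc.conf text.

    Assumption: MIT krb5's v4_mode takes none, disable, full or nopreauth;
    anything other than none/disable means krb4 requests are handled.
    Returns None when the key is absent, because the built-in default
    depends on the krb5 release and should then be checked by hand.
    """
    section = None
    for raw in kdc_conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "kdcdefaults" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip().lower() == "v4_mode":
                return val.strip().strip('"').lower() not in ("none", "disable")
    return None


def triage(version: str, kdc_conf: str) -> dict:
    """Map each applicable issue to a short exposure note for this host."""
    krb4 = krb4_enabled(kdc_conf)
    report = {}
    for name in affected_issues(version):
        if name in KRB4_ISSUES:
            if krb4 is False:
                report[name] = "affected release, but krb4 is disabled; patch anyway"
            elif krb4 is None:
                report[name] = "affected release; v4_mode not set, verify the krb4 default"
            else:
                report[name] = "affected release with krb4 enabled; patch urgently"
        else:
            report[name] = "affected release; patch, and keep the fd limit modest meanwhile"
    return report


# Constructed sample kdc.conf (not taken from any real deployment).
SAMPLE_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88
    v4_mode = full   # krb4 handling turned on

[realms]
    EXAMPLE.COM = {
        database_name = /var/krb5kdc/principal
    }
"""

if __name__ == "__main__":
    for issue, note in triage("krb5-1.6.3", SAMPLE_KDC_CONF).items():
        print(f"{issue}: {note}")
```

Run it against the output of `krb5-config --version` (or the package version) and the host's real kdc.conf; the RPC library note applies regardless of the krb4 setting, since that pair of bugs is in a different component.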
