Information Security News mailing list archives

Kerberos bug bites


From: InfoSec News <isn () c4i org>
Date: Mon, 28 Oct 2002 06:12:23 -0600 (CST)

Forwarded from: Elyn Wollensky <elyn () consect com>

By John Leyden
Posted: 25/10/2002 at 13:16 GMT

http://www.theregister.co.uk/content/55/27791.html

A flaw has been identified in certain implementations of the widely
used Kerberos authentication protocol. The flaw could be exploited by
crackers to gain root access to authentication servers.

The issue is serious, with at least one exploit known to exist in the
wild, but there is a patch.

All releases of MIT Kerberos 5, up to and including krb5-1.2.6, and
all Kerberos 4 implementations derived from MIT Kerberos 4, including
Cygnus Network Security (CNS), are affected by the high risk
vulnerability.

The US government Department of Energy's Computer Incident Advisory
Capability (CIAC) team warns the problem is compounded because a
potential attacker does not have to authenticate to an authentication
server in order to carry out the attack. Because of the issue, an
attacker might be able to execute arbitrary code on the key distribution
center (KDC), which authenticates users, and thereby compromise a
Kerberos database.

A stack buffer overflow in the implementation of the Kerberos v4
compatibility administration daemon (kadmind4) of the MIT krb5
distribution has been identified as the root cause of the problem. The
kadmind4 daemon supplied with MIT krb5 is intended for use in sites
that require compatibility with legacy administrative clients; sites
that do not have this requirement are not likely to be running this
daemon.

MIT has published an advisory which advises sys admins with
potentially vulnerable servers on how to fix the flaw.

Kerberos, which was developed by MIT, is a very widely used means for
securely authenticating a request for a service in a computer network.
The name derives from Greek mythology, where Cerberus is the
three-headed dog guarding the gates of Hades.



-
ISN is currently hosted by Attrition.org
