Sun Microsystems said Solaris 9 users should apply a patch it issued Tuesday to protect systems against vulnerabilities in the Kerberos Key Distribution Center (KDC) and Kerberos V5 libraries.
Paul Sangster, senior Solaris security architect for the Santa Clara, Calif.-based company, said the vulnerabilities would be difficult to exploit and he's unaware of attempts to do so. "However," he said, "we strongly encourage customers to apply the patch because any exploit of a Kerberos [Key Distribution Center] could be costly."
Noting that the KDC houses the secret keys that enable Kerberos to be safely used, Sangster added, "The patch should be applied to all systems using Kerberos… in addition to the KDC."
Sangster said Sun discovered the vulnerabilities while doing a security review of the code this past summer. The Massachusetts Institute of Technology (MIT) Kerberos Team issued advisories on the vulnerabilities Aug. 31, warning that Kerberos 5 software could allow an attacker to launch arbitrary code or put machines into an endless loop.
The first advisory described a "double-free" vulnerability in the KDC program a remote attacker could use to execute arbitrary code. "Compromise of a KDC host compromises the security of the entire authentication realm served by the KDC," the advisory said. "Additionally, double-free vulnerabilities exist in MIT Kerberos 5 library code, making client programs and application servers vulnerable."
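The double-free class the advisory refers to arises when two code paths (typically an error path and a shared cleanup path) each release the same heap block. The following is an added illustration, not MIT Kerberos or Sun code, of the ownership discipline that prevents it: a single release routine that takes the pointer by address and clears it, so a second call becomes a no-op. The `struct ticket` type and its helpers are constructed for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example: a small owned buffer standing in for any heap
 * object a library might hand back to its caller (not MIT Kerberos code). */
struct ticket {
    char  *data;
    size_t len;
};

struct ticket *ticket_new(const char *src)
{
    struct ticket *t = malloc(sizeof *t);
    if (!t) return NULL;
    t->len = strlen(src);
    t->data = malloc(t->len + 1);
    if (!t->data) { free(t); return NULL; }
    memcpy(t->data, src, t->len + 1);
    return t;
}

/* Single release routine: takes the caller's pointer by address, frees the
 * members exactly once and sets the caller's pointer to NULL. A later call
 * sees NULL and returns immediately, so an error path that releases and a
 * cleanup path that releases again cannot free the same block twice. */
void ticket_release(struct ticket **tp)
{
    if (!tp || !*tp) return;
    free((*tp)->data);
    (*tp)->data = NULL;
    free(*tp);
    *tp = NULL;
}

/* Exercises the pattern that causes a double free (release on an error path,
 * then again in shared cleanup). Returns 1 if both calls completed and the
 * caller's pointer was cleared, i.e. the second release was a harmless no-op. */
int demo_double_release(void)
{
    struct ticket *t = ticket_new("constructed-sample-principal");
    if (!t) return 0;
    ticket_release(&t);   /* e.g. on an error path */
    ticket_release(&t);   /* e.g. in shared cleanup: now a no-op */
    return t == NULL;
}
```

Passing `&t` rather than `t` is the whole point: a release function that receives the pointer by value cannot clear the caller's copy, which leaves a dangling pointer for the next path to free again.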
The second advisory described flaws in the ASN.1 decoder library an attacker could exploit to cause a denial of service or an infinite loop in the decoder. The KDC is also vulnerable to this attack. "An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop," the advisory said. "An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop."
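A decoder hangs in an infinite loop when malformed input lets the parsing offset stop advancing or wrap backwards, for example a declared element length that exceeds the remaining bytes. The following is an added example, not MIT's ASN.1 library, of a bounded DER-style tag-length-value walk with the two checks that guarantee termination: the declared length must fit in the remaining bytes, and every iteration must consume at least the header. The function name, the sample byte strings and the restriction to short-form and two long-form length encodings are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example of a bounded DER-style TLV walk (not MIT Kerberos code).
 * Returns the number of top-level elements, or -1 if the input is malformed.
 * Two checks keep the loop from hanging or reading past the buffer:
 *   1. the declared body length must fit in the bytes that remain, so pos
 *      never wraps or jumps beyond len;
 *   2. every iteration consumes at least the 2-byte header, so pos strictly
 *      increases and the loop ends after at most len/2 iterations.
 */
int count_tlv_elements(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int count = 0;

    while (pos < len) {
        size_t remaining = len - pos;
        if (remaining < 2) return -1;          /* truncated header */

        uint8_t lenbyte = buf[pos + 1];
        size_t hdr, body;

        if (lenbyte < 0x80) {                  /* short form */
            hdr = 2;
            body = lenbyte;
        } else if (lenbyte == 0x81) {          /* long form, 1 length byte */
            if (remaining < 3) return -1;
            hdr = 3;
            body = buf[pos + 2];
        } else if (lenbyte == 0x82) {          /* long form, 2 length bytes */
            if (remaining < 4) return -1;
            hdr = 4;
            body = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        } else {
            return -1;  /* indefinite (0x80) or longer forms: not valid DER here */
        }

        if (body > remaining - hdr) return -1; /* check 1: length fits */
        pos += hdr + body;                     /* check 2: hdr >= 2, so pos grows */
        count++;
    }
    return count;
}

/* Constructed sample inputs for the reader to try. */
static const uint8_t sample_ok[]         = {0x02, 0x01, 0x05, 0x04, 0x02, 0xAA, 0xBB};
static const uint8_t sample_oversized[]  = {0x04, 0x10, 0x00};       /* claims 16 bytes, has 1 */
static const uint8_t sample_indefinite[] = {0x30, 0x80, 0x00, 0x00}; /* indefinite length */
static const uint8_t sample_truncated[]  = {0x02};                   /* header cut short */
```

Without check 1, `pos += hdr + body` on `sample_oversized` would move `pos` past `len`, and on a platform where the sum wraps the offset could land back inside already-parsed bytes, which is exactly the non-terminating behaviour the advisory describes. Rejecting the indefinite-length form closes the other common route to a decoder that never finds its end marker.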
The patch Sun released fixes the problem in Solaris 9 on the SPARC and x86 platforms.