'Highly critical' Kerberos 5 flaws

The authentication tool contains flaws that attackers could use to cause a denial of service or launch malicious code.

Attackers could exploit "highly critical" security holes in Kerberos 5 to cause a denial of service or launch malicious code, Danish security firm Secunia said in an advisory.

Kerberos is a secure method for authenticating a request for a service in a computer network. It was developed in the Athena Project at MIT and is incorporated into a variety of products, including Sun Microsystems's Enterprise Authentication Mechanism software and its Solaris operating system.

The first problem is that "a double-free error in the 'krb5_recvauth()' function can potentially be exploited to execute arbitrary code in the context of the program calling this function," Secunia said. "Successful exploitation may lead to the compromise of an entire Kerberos realm or cause the program to crash." The flaw has been reported in kpropd, klogind, and krshd versions 1.4.1 and prior. Any third-party programs calling the 'krb5_recvauth()' function are also vulnerable, the firm added.
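The double-free bug class named in the advisory, shown as an added illustration that is not MIT krb5 source code: a buffer released on an error path and released again by shared cleanup, next to a single-release version. The function names and the small tracking allocator are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed tracking allocator: freed blocks are quarantined (really
   released only on reset), so a second free is counted, not executed. */
#define SLOTS 8
static struct { void *p; int freed; } slots[SLOTS];
static int nslots, double_frees;

static void *t_alloc(size_t n) {
    void *p = nslots < SLOTS ? malloc(n) : NULL;
    if (p) { slots[nslots].p = p; slots[nslots++].freed = 0; }
    return p;
}
static void t_free(void *p) {
    for (int i = 0; p && i < nslots; i++)
        if (slots[i].p == p) { double_frees += slots[i].freed; slots[i].freed = 1; return; }
}

/* Vulnerable shape (hypothetical function, not the krb5 implementation). */
static int recv_vulnerable(int bad_input) {
    char *buf = t_alloc(32);
    if (!buf) return -1;
    if (bad_input) t_free(buf);   /* released on the error path ... */
    t_free(buf);                  /* ... and again by the shared cleanup */
    return bad_input ? -1 : 0;
}

/* Hardened shape: one owner, one release point. */
static int recv_hardened(int bad_input) {
    char *buf = t_alloc(32);
    if (!buf) return -1;
    int rc = bad_input ? -1 : 0;  /* record the error; do not free here */
    t_free(buf);                  /* single release point */
    return rc;
}

/* Returns how many double frees a single call to fn triggers. */
static int double_frees_in(int (*fn)(int), int bad_input) {
    while (nslots > 0) free(slots[--nslots].p);   /* release the quarantine */
    double_frees = 0;
    fn(bad_input);
    return double_frees;
}

int main(void) {
    printf("vulnerable=%d ", double_frees_in(recv_vulnerable, 1));
    printf("hardened=%d\n", double_frees_in(recv_hardened, 1));
    return 0;
}
```

With a real allocator the second release corrupts heap metadata instead of incrementing a counter, which is why the advisory rates the outcome as a crash or potential code execution.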

The second issue is an error in the Key Distribution Center (KDC) implementation that causes memory to be freed up at random locations. This could lead to heap corruption if the attacker uses a specially crafted TCP request. "Successful exploitation crashes the KDC," Secunia said, adding that the flaw has been reported in KDC implementations 1.4.1 and prior.

The third vulnerability stems from a boundary error in the KDC that can cause a single-byte heap-based buffer overflow if the attacker uses a specially crafted TCP or UDP request. "This can potentially be exploited to execute arbitrary code," Secunia said. "Successful exploitation may lead to the compromise of an entire Kerberos realm or cause a [denial of service]." The vulnerability has been reported in KDC implementations and application servers 1.4.1 and prior. Third-party application servers using MIT krb5 are also affected, the firm said.

The Secunia advisory links to advisories from the Massachusetts Institute of Technology's (MIT) Kerberos Team. The advisories outline patches and workarounds, and Secunia noted the flaws will also be fixed in version 1.4.2.

Sun has issued its own advisory saying the problems affect the Enterprise Authentication Mechanism software and Solaris versions seven through 10. Sun said it has no patch yet, though it's working on a fix.

Meanwhile, Linux vendors Gentoo, Red Hat and Turbolinux have issued fixes for their affected products.
