The Massachusetts Institute of Technology (MIT) has fixed several critical Kerberos 5 flaws attackers could exploit to cause a denial of service, bypass security restrictions and hijack targeted machines.
Kerberos is a secure method for authenticating a request for a service in a computer network. It was developed in the Athena Project at MIT and is incorporated into a variety of products, including Sun Microsystems's Enterprise Authentication Mechanism software and its Solaris operating system, Red Hat Linux, MandrakeSoft Linux and Debian Linux.
Danish vulnerability clearinghouse Secunia described one of the flaws as an error in the MIT krb5 telnet daemon that surfaces when a username is processed. Attackers who exploited this can log in as an arbitrary user by providing a specially crafted username beginning with "-e".
Secunia said Kerberos also contained a boundary error in the "krb5_klog_syslog()" function within the kadm5 library, which attackers can exploit to cause a stack-based buffer overflow via an overly long string. A double-free error in the "kg_unseal_v1()" function within the MIT krb5 GSS-API library also exists. Attackers can exploit it to launch malicious code, Secunia said.
The Secunia advisory links to the advisories MIT released for the individual issues.