The Massachusetts Institute of Technology (MIT) has fixed several critical Kerberos 5 flaws attackers could exploit to cause a buffer overflow and run malware on targeted machines.
Kerberos is widely used as a secure method for authenticating a request for a service in a computer network. It was developed in the Athena Project at MIT and is incorporated into a variety of products, including Sun Microsystems's Enterprise Authentication Mechanism software and its Solaris operating system, Red Hat Linux, MandrakeSoft Linux and Debian Linux.
MIT said in its krb5 Security Advisory 2007-006 that two flaws were addressed. First, the MIT krb5 Kerberos administration daemon (kadmind) was vulnerable to a stack buffer overflow in the RPCSEC_GSS authentication flavor of the RPC library. Third-party applications using the RPC library provided with MIT krb5 were also potentially affected, MIT said, adding, "This is a bug in the RPC library in MIT krb5. It is not a bug in the Kerberos protocol."
The second problem was that the Kerberos administration daemon (kadmind) could write data through an uninitialized pointer, MIT said, adding, "This is a bug in the kadmind in MIT krb5. It is not a bug in the Kerberos protocol."
Because it is used so extensively, Danish vulnerability clearinghouse Secunia labeled the flaws "highly critical" in its SA26676 advisory. The company warned that the flaws "can be exploited by malicious users and malicious people to compromise a vulnerable system."
Secunia recommended users eliminate the threat to their systems by updating to Kerberos 1.5.5 or 1.6.3 as soon as it becomes available, or by applying the patches.