News Stay informed about the latest enterprise technology news and product updates.

Flaws fixed in widely-used Kerberos program

MIT has fixed a pair of flaws in its widely-used Kerberos program attackers could exploit to cause a buffer overflow and run malware on targeted machines.

The Massachusetts Institute of Technology (MIT) has fixed several critical Kerberos 5 flaws attackers could exploit...

to cause a buffer overflow and run malware on targeted machines.

Kerberos is widely used as a secure method for authenticating a request for a service in a computer network. It was developed in the Athena Project at MIT and is incorporated into a variety of products, including Sun Microsystems's Enterprise Authentication Mechanism software and its Solaris operating system, Red Hat Linux, MandrakeSoft Linux and Debian Linux.

MIT said in its krb5 Security Advisory 2007-006 that two flaws were addressed. First, the MIT krb5 Kerberos administration daemon (kadmind) was vulnerable to a stack buffer overflow in the RPCSEC_GSS authentication flavor of the RPC library. Third-party applications using the RPC library provided with MIT krb5 were also potentially affected, MIT said, adding, "This is a bug in the RPC library in MIT krb5. It is not a bug in the Kerberos protocol."

The second problem was that the Kerberos administration daemon (kadmind) could write data through an uninitialized pointer, MIT said, adding, "This is a bug in the kadmind in MIT krb5. It is not a bug in the Kerberos protocol."

Because it is used so extensively, Danish vulnerability clearinghouse Secunia labeled the flaws "highly critical" in its SA26676 advisory. The company warned that the flaws "can be exploited by malicious users and malicious people to compromise a vulnerable system."

Secunia recommended users eliminate the threat to their systems by updating to Kerberos 1.5.5 or 1.6.3 as soon as it becomes available, or by applying the patches.

Dig Deeper on Single-sign on (SSO) and federated identity



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.