Fixes, workaround for Kerberos 5 vulnerability

By Bill Brenner, News Writer
21 Dec 2004 | SearchSecurity.com


Attackers could use a "serious" security hole in the Kerberos 5 administration library to launch malicious code, according to an advisory from the Massachusetts Institute of Technology's (MIT) Kerberos Team. But fixes and a workaround are available.

According to the team's advisory, the problem is a heap buffer overflow in the MIT Kerberos 5 administration library, also known as libkadm5srv. The vulnerability is in the password history handling code, which the advisory said "could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host."

"The overflow occurs during a password change of a principal with a certain password history state," the advisory added. "An administrator must have performed a certain password policy change in order to create the vulnerable state."

The MIT Kerberos Team said it knows of no exploits to date, though it noted there has been public discussion of the flaw in recent weeks, including "sufficient detail that someone could infer how to perform an attack."

Fortunately, the advisory said, "exploitation of this vulnerability is believed to be difficult, due to the limited extent of the overflow."

Nevertheless, the team warned that an authenticated user -- not necessarily one with administrative privileges -- could launch arbitrary code on the KDC host, "compromising an entire Kerberos realm." The advisory includes a list of mitigating factors that could make exploitation more difficult.

The vulnerability affects KDC software on all releases of MIT Kerberos 5 up to and including version 1.3.5.

A patch is available for version 1.3.5 and the vulnerability is fixed in version 1.4-beta3. The vulnerability is also expected to be fixed in the upcoming krb5-1.4 release and krb5-1.3.6 patch release.

Until KDC programs and libraries have been patched, the advisory recommended users "not decrease the password history count on any policy in your Kerberos realm. Also, if you have already decreased the password history count on a policy at some point in the past, you should raise it to the maximum value that it has had in the past."
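One way to check a realm against that workaround, as an added example that is not from the advisory or the MIT Kerberos code: it parses policy listings and flags any policy whose history count is now below the highest value recorded for it. The sample text, its field labels (modelled on kadmin `getpol` output) and the `HIGH_WATER` record are assumptions constructed for illustration.

```python
# Constructed sample in the style of kadmin "getpol" output for two policies.
# The field labels are an assumption; check them against your krb5 version.
SAMPLE_GETPOL = """\
Policy: default
Maximum password life: 180 days 00:00:00
Minimum password length: 8
Number of old keys kept: 3

Policy: admin
Maximum password life: 90 days 00:00:00
Minimum password length: 12
Number of old keys kept: 10
"""

# Hypothetical record, kept by the operator, of the highest history count
# each policy has ever had (built from change logs or earlier audits).
HIGH_WATER = {"default": 5, "admin": 10}


def parse_history_counts(text):
    """Return {policy_name: history_count} from getpol-style text."""
    counts, current = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Policy":
            current = value
        elif key == "Number of old keys kept" and current is not None:
            counts[current] = int(value)
    return counts


def audit(current, high_water):
    """Compare current counts with the recorded per-policy maximum.

    Returns (findings, updated): findings maps each policy whose count is
    below its recorded maximum to the value the workaround says to restore;
    updated is the high-water record including any new maximums.
    """
    findings, updated = {}, dict(high_water)
    for policy, count in current.items():
        peak = max(count, high_water.get(policy, count))
        updated[policy] = peak
        if count < peak:
            findings[policy] = peak
    return findings, updated


if __name__ == "__main__":
    flagged, _ = audit(parse_history_counts(SAMPLE_GETPOL), HIGH_WATER)
    for name, peak in sorted(flagged.items()):
        print(f"policy {name}: raise history count back to {peak}")
```

A flagged policy would be raised again with kadmin's `modify_policy -history` until the KDC is patched; the check is only as good as the recorded maximums it is given.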

Kerberos is a secure method for authenticating a request for a service in a computer network. It was developed in the Athena Project at MIT.
