News Stay informed about the latest enterprise technology news and product updates.

MIT fixes critical Kerberos 5 flaws

MIT fixed several critical flaws in Kerberos 5, a suite of applications and libraries for the Kerberos network-authentication protocol used on numerous platforms.

The Massachusetts Institute of Technology (MIT) has fixed several critical Kerberos 5 flaws attackers could exploit...

to cause a denial of service, bypass security restrictions and hijack targeted machines.

Kerberos is a secure method for authenticating a request for a service in a computer network. It was developed in the Athena Project at MIT and is incorporated into a variety of products, including Sun Microsystems's Enterprise Authentication Mechanism software and its Solaris operating system, Red Hat Linux, MandrakeSoft Linux and Debian Linux.

Danish vulnerability clearinghouse Secunia described one of the flaws as an error in the MIT krb5 telnet daemon that surfaces when a username is processed. Attackers who exploited this can log in as an arbitrary user by providing a specially crafted username beginning with "-e".

Secunia said Kerberos also contained a boundary error in the "krb5_klog_syslog()" function within the kadm5 library, which attackers can exploit to cause a stack-based buffer overflow via an overly long string. A double-free error in the "kg_unseal_v1()" function within the MIT krb5 GSS-API library also exists. Attackers can exploit it to launch malicious code, Secunia said.

The Secunia advisory links to the advisories MIT released for the individual issues.

Dig Deeper on Web application and API security best practices

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.