Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: MIT Kerberos Vulnerabilities



> -----Original Message-----
> From: US-CERT Technical Alerts [mailto:technical-alerts@xxxxxxxxxxx] 
> Sent: Wednesday, April 04, 2007 3:58 AM
> To: technical-alerts@xxxxxxxxxxx
> Subject: US-CERT Technical Cyber Security Alert TA07-093B -- 
> MIT Kerberos Vulnerabilities
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
>                      National Cyber Alert System
> 
>                Technical Cyber Security Alert TA07-093B
> 
> 
> MIT Kerberos Vulnerabilities
> 
>    Original release date: April 03, 2007
>    Last revised: --
>    Source: US-CERT
> 
> 
> Systems Affected
> 
>      * MIT Kerberos
> 
>    Other products based on the GSS-API or the RPC libraries provided
>    with MIT Kerberos may also be affected.
> 
> 
> Overview
> 
>    The MIT Kerberos 5 implementation contains several vulnerabilities.
>    One of these vulnerabilities (VU#220816) could allow a remote,
>    unauthenticated attacker to log in via telnet (23/tcp) with
>    elevated privileges. The other vulnerabilities (VU#704024,
>    VU#419344) could allow a remote, authenticated attacker to execute
>    arbitrary code on a Key Distribution Center (KDC).
> 
> 
> I. Description
> 
>    There are three vulnerabilities that affect MIT Kerberos 5:
> 
>    * VU#220816 - MIT Kerberos 5 telnet daemon allows login as
>                  arbitrary user
>    
>      The telnet daemon included with the MIT Kerberos administration
>      daemon contains a vulnerability that may allow a remote,
>      unauthorized user to log on to the system with elevated
>      privileges.
>    
>    * VU#704024 - MIT Kerberos 5 administration daemon stack overflow
>                  in krb5_klog_syslog()
>        
>      The MIT Kerberos administration daemon contains a vulnerability
>      in the way the krb5_klog_syslog() function handles specially
>      crafted strings that may allow a remote, authenticated attacker
>      to execute arbitrary code. Other server applications that call
>      krb5_klog_syslog() may also be affected. This vulnerability can
>      be triggered by sending a specially crafted Kerberos message to a
>      vulnerable system.
>      
>    * VU#419344 - MIT Kerberos 5 GSS-API library double-free
>                  vulnerability
> 
>      A vulnerability exists in the way that the GSS-API library
>      provided with MIT krb5 handles messages with an invalid direction
>      encoding, resulting in a double free which may allow a remote,
>      authenticated attacker to execute arbitrary code. Other server
>      applications that utilize the RPC library or the GSS-API library
>      provided with MIT Kerberos may also be affected. This
>      vulnerability can be triggered by sending a specially crafted
>      Kerberos message to a vulnerable system.
> 
> 
> II. Impact
> 
>    In the case of VU#220816 a remote attacker could log on to the
>    system via telnet and gain elevated privileges.
> 
>    In the case of VU#704024 and VU#419344, a remote, authenticated
>    attacker may be able to execute arbitrary code on KDCs, systems
>    running kadmind, and application servers that use the RPC or
>    GSS-API libraries. An attacker could also cause a denial of service
>    on any of these systems. As a secondary impact, either one of these
>    vulnerabilities could result in the compromise of both the KDC and
>    an entire Kerberos realm.
> 
> 
> III. Solution
> 
>    Check with your vendors for patches or updates. For information
>    about a vendor, please see the systems affected section in the
>    individual vulnerability notes or contact your vendor directly.
> 
>    Alternatively, apply the appropriate source code patches referenced
>    in MITKRB5-SA-2007-001, MITKRB5-SA-2007-002, and
>    MITKRB5-SA-2007-003 and recompile.
> 
>    These vulnerabilities will also be addressed in krb5-1.6.1.
> 
> 
> IV. References
> 
>      * US-CERT Vulnerability Note VU#220816 -
>        <http://www.kb.cert.org/vuls/id/220816>
> 
>      * US-CERT Vulnerability Note VU#704024 -
>        <http://www.kb.cert.org/vuls/id/704024>
> 
>      * US-CERT Vulnerability Note VU#419344 -
>        <http://www.kb.cert.org/vuls/id/419344>
> 
>      * MIT krb5 Security Advisory 2007-001 -
>        <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-001-telnetd.txt>
> 
>      * MIT krb5 Security Advisory 2007-002 -
>        <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-002-syslog.txt>
> 
>      * MIT krb5 Security Advisory 2007-003 -
>        <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-003.txt>
> 
> 
>  ____________________________________________________________________
> 
>    The most recent version of this document can be found at:
> 
>      <http://www.us-cert.gov/cas/techalerts/TA07-093B.html>
>  ____________________________________________________________________
> 
>    Feedback can be directed to US-CERT Technical Staff. Please send
>    email to <cert@xxxxxxxx> with "TA07-093B Feedback VU#202816" in the
>    subject.
>  ____________________________________________________________________
> 
>    For instructions on subscribing to or unsubscribing from this
>    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
>  ____________________________________________________________________
> 
>    Produced 2007 by US-CERT, a government organization.
> 
>    Terms of use:
> 
>      <http://www.us-cert.gov/legal.html>
>  ____________________________________________________________________
> 
> 
> Revision History
> 
>    April 03, 2007: Initial release
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> 
> -----END PGP SIGNATURE-----
> 



 



