Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA25800] Kerberos Multiple Vulnerabilities



> 
> TITLE:
> Kerberos Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA25800
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/25800/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Kerberos 5.x
> http://secunia.com/product/556/
> 
> DESCRIPTION:
> Some vulnerabilities have been reported in Kerberos, which can be
> exploited by malicious users and malicious people to compromise a
> vulnerable system.
> 
> 1) An error exists within the "gssrpc__svcauth_gssapi" function in
> the RPC library, which can cause kadmind and possibly other
> third-party products to free an uninitialised pointer when receiving
> an RPC credential with a length of zero.
> 
> 2) A signedness error exists within the "gssrpc__svcauth_unix()"
> function in the RPC library, which is used by kadmind and possibly
> other third-party products. This can be exploited to cause a
> stack-based buffer overflow.
> 
> Successful exploitation of vulnerability #1 and #2 potentially allows
> execution of arbitrary code.
> 
> 3) A boundary error exists in kadmind within the
> "rename_principal_2_svc()" function and can be exploited to cause a
> stack-based buffer overflow.
> 
> Successful exploitation allows execution of arbitrary code but
> requires valid user credentials.
> 
> The vulnerabilities are reported in krb5-1.6.1. Other versions may
> also be affected.
> 
> SOLUTION:
> Apply patches (see vendor advisories for details).
> 
> http://web.mit.edu/kerberos/advisories/2007-004-patch.txt
> http://web.mit.edu/kerberos/advisories/2007-004-patch.txt.asc
> 
> http://web.mit.edu/kerberos/advisories/2007-005-patch.txt
> http://web.mit.edu/kerberos/advisories/2007-005-patch.txt.asc
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1, 2) The vendor credits Wei Wang, McAfee Avert Labs.
> 3) An anonymous person, reported via iDefense Labs.
> 
> ORIGINAL ADVISORY:
> Kerberos:
> http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt
> http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-005.txt
> 
> iDefense Labs:
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=548
> 
> OTHER REFERENCES:
> US-CERT VU#356961:
> http://www.kb.cert.org/vuls/id/356961
> 
> US-CERT VU#365313:
> http://www.kb.cert.org/vuls/id/365313
> 
> US-CERT VU#554257:
> http://www.kb.cert.org/vuls/id/554257
> 



 




Copyright © Lexa Software, 1996-2009.