>
> TITLE:
> Kerberos Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA25800
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Kerberos 5.x
>
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Kerberos, which can be
> exploited by malicious users and malicious people to compromise a
> vulnerable system.
>
> 1) An error exists within the "gssrpc__svcauth_gssapi" function in
> the RPC library, which can cause kadmind and possibly other
> third-party products to free an uninitialised pointer when receiving
> an RPC credential with a length of zero.
>
> 2) A signedness error exists within the "gssrpc__svcauth_unix()"
> function in the RPC library, which is used by kadmind and possibly
> other third-party products. This can be exploited to cause a
> stack-based buffer overflow.
>
> Successful exploitation of vulnerability #1 and #2 potentially allows
> execution of arbitrary code.
>
> 3) A boundary error exists in kadmind within the
> "rename_principal_2_svc()" function and can be exploited to cause a
> stack-based buffer overflow.
>
> Successful exploitation allows execution of arbitrary code but
> requires valid user credentials.
>
> The vulnerabilities are reported in krb5-1.6.1. Other versions may
> also be affected.
>
> SOLUTION:
> Apply patches (see vendor advisories for details).
>
>
>
>
>
>
>
> PROVIDED AND/OR DISCOVERED BY:
> 1, 2) The vendor credits Wei Wang, McAfee Avert Labs.
> 3) An anonymous person, reported via iDefense Labs.
>
> ORIGINAL ADVISORY:
> Kerberos:
>
>
>
> iDefense Labs:
> .
> php?id=548
>
> OTHER REFERENCES:
> US-CERT VU#356961:
>
>
> US-CERT VU#365313:
>
>
> US-CERT VU#554257:
>
>
