January 2007

ID: 00024
Ref: 21/2007
Date: 10 January 2007:09:59:46
Version: 1

---

Title: MIT Kerberos Vulnerabilities
Abstract: The MIT Kerberos administration daemon contains two vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.
Vendors affected: MIT
Applications affected: MIT

---

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-009B


MIT Kerberos Vulnerabilities

Original release date: January 09, 2007
Last revised: --
Source: US-CERT


Systems Affected

* MIT Kerberos

Other products based on the GSS-API or the RPC libraries provided with
MIT Kerberos may also be affected.


Overview

The MIT Kerberos administration daemon contains two vulnerabilities
that may allow a remote, unauthenticated attacker to execute arbitrary
code.


I. Description

We are aware of two vulnerabilities that affect the Kerberos
administration daemon:

* VU#481564 - Kerberos administration daemon fails to properly
initialize function pointers
The MIT Kerberos administration daemon contains a vulnerability in
the way pointers are handled that may allow a remote,
unauthenticated user to execute arbitrary code. Other server
applications that utilize the RPC library provided with MIT
Kerberos may also be affected. This vulnerability can be triggered
by sending a specially crafted Kerberos packet to a vulnerable
system. Further details about this vulnerability are available
from the MIT Kerberos Development Team.

* VU#831452 - Kerberos administration daemon may free uninitialized
pointers
The MIT Kerberos administration daemon contains a vulnerability
that may allow an attacker to execute arbitary code. Other server
applications that utilize the GSS-API library provided with MIT
Kerberos may also be affected. Further details about this
vulnerability are available from the MIT Kerberos Development
Team.


II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary
code resulting in the compromise of the Kerberos key database or cause
a denial of service.


III. Solution

These vulnerabilities are addressed in MIT krb5 Security Advisory
2006-002 and MIT krb5 Security Advisory 2006-003. Patches for these
issues are also included in those advisories.


IV. References

* US-CERT Vulnerability Note VU#481564 -

* US-CERT Vulnerability Note VU#831452 -

* MIT krb5 Security Advisory 2006-002 -

* MIT krb5 Security Advisory 2006-003 -


____________________________________________________________________

The most recent version of this document can be found at:


____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA07-009B Feedback VU#481564" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:


____________________________________________________________________


Revision History

January 09, 2007: Initial release

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRaQNc+xOF3G+ig+rAQKaOQgAjOD7/KVse1tv1gn46WKWVJ4mPajTdn8z
2B7cO52KVKJ6cPvQCXb5Yhy0ljFOqbtZAHyQ/XzdP13CrrQC6ut32aQN+HRSEf3N
3/kwxMxl+QlKUQ97kG3c40XsNClMVDGvWsQj2LRFrzKpTjjPSag+Cdp0eAp0YVx/
6G3WR0HgjoIrfoYgVdqiIz5yeG0O2adLNmjoosDoxV4sro94JbB1iv+SHM+HNCR8
UNIj/kBukOlof0zHapPVofcjJBnxkkRfLrwb1CmrHU5QL6su1GJ4dohlYnnpDevf
NYAoVkr2wni8hjaJezK+jjlp9Q2cEEoRyEHLCS33Q0jOhvSCidXUwQ==
=Ac/A
- -----END PGP SIGNATURE-----