Kerberos V5 "libkadm5srv" Buffer Overflow Vulnerability

Secunia Advisory: SA13592
Release Date: 2004-12-21
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Kerberos 5.x
CVE reference: CVE-2004-1189

Description: Michael Tautschnig has reported a vulnerability in Kerberos V5, which can potentially be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused by a boundary error in the "add_to_history()" function of the libkadm5srv administration library during password history handling. This can be exploited to cause a heap-based buffer overflow when a principal changes the password and has a certain password history state.
Successful exploitation may allow execution of arbitrary code on a vulnerable Key Distribution Center (KDC) server. However, this requires that the administrator has performed a certain password policy change.
The vulnerability has been reported in version 1.3.5 and prior.
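
The advisory gives no source for the flaw, so the following is an added example, not MIT krb5 code and not part of the advisory: a simplified model of the bug class described above, a heap-allocated password-history array whose stored entry count can exceed a policy limit that was lowered later. The struct, the function name `history_add` and the oldest-first layout are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model; not the MIT krb5 data structures. */
typedef struct {
    char   **keys;   /* old password hashes, oldest first */
    unsigned count;  /* slots in use */
    unsigned cap;    /* slots allocated */
} pw_history;

/* Append new_key while honouring the policy's current limit.
 * Returns 0 on success, -1 on bad arguments or allocation failure. */
int history_add(pw_history *h, unsigned limit, const char *new_key)
{
    if (h == NULL || new_key == NULL || limit == 0)
        return -1;

    size_t len = strlen(new_key) + 1;
    char *copy = malloc(len);
    if (copy == NULL)
        return -1;
    memcpy(copy, new_key, len);

    /* Trim first. If the limit was lowered after entries were stored,
     * count can exceed it; writing keys[count] into an array resized
     * to `limit` slots would land past the end of the allocation. */
    if (h->count >= limit) {
        unsigned drop = h->count - limit + 1;
        for (unsigned i = 0; i < drop; i++)
            free(h->keys[i]);
        memmove(h->keys, h->keys + drop,
                (h->count - drop) * sizeof(*h->keys));
        h->count -= drop;
    }

    /* Resize only after count < limit is guaranteed. */
    if (h->cap != limit) {
        char **resized = realloc(h->keys, limit * sizeof(*resized));
        if (resized == NULL) {
            free(copy);
            return -1;
        }
        h->keys = resized;
        h->cap = limit;
    }

    h->keys[h->count++] = copy;
    return 0;
}
```
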
Solution: Apply patch for version 1.3.5:
http://web.mit.edu/kerberos/advisories/2004-004-patch_1.3.5.txt
http://web.mit.edu/kerberos/advisories/2004-004-patch_1.3.5.txt.asc
The vulnerability is fixed in version 1.4-beta3. The vulnerability will reportedly be fixed in the upcoming krb5-1.4 release and krb5-1.3.6 patch release.
Provided and/or discovered by: Michael Tautschnig
Original Advisory: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-004-pwhist.txt
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.