Some vulnerabilities have been reported in Kerberos, which can be exploited by malicious people to potentially disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
1) A NULL-pointer dereference error exists in the "spnego_gss_accept_sec_context()" function in "src/lib/gssapi/spnego/spnego_mech.c". This can be exploited to e.g. crash the daemon by sending a "NegTokenInit" token with specially crafted ContextFlags.
2) An error in the "get_input_token()" function in the SPNEGO implementation can be exploited to trigger an out-of-bounds read and cause a crash.
Successful exploitation of this vulnerability may allow the disclosure of sensitive information.
3) An incorrect calculation performed in the "asn1buf_imbed()" function of the ASN.1 decoder can be exploited to crash kinit or KDC.
4) An error in the "asn1_decode_generaltime()" function can be exploited to free an uninitialized pointer via an invalid DER encoding.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
Please see the vendor's advisories for details on affected versions.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Kerberos Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.