US-CERT Technical Cyber Security Alert TA07-093B -- MIT Kerberos Vulnerabilities
- From: CERT Advisory <cert-advisory@xxxxxxxx>
- Date: Tue, 3 Apr 2007 19:58:41 -0400
-----BEGIN PGP SIGNED MESSAGE-----
National Cyber Alert System
Technical Cyber Security Alert TA07-093B
MIT Kerberos Vulnerabilities
Original release date: April 03, 2007
Last revised: --
* MIT Kerberos
Other products based on the GSS-API or the RPC libraries provided
with MIT Kerberos may also be affected.
The MIT Kerberos 5 implementation contains several vulnerabilities.
One of these vulnerabilities (VU#220816) could allow a remote,
unauthenticated attacker to log in via telnet (23/tcp) with
elevated privileges. The other vulnerabilities (VU#704024,
VU#419344) could allow a remote, authenticated attacker to execute
arbitrary code on a Key Distribution Center (KDC).
There are three vulnerabilities that affect MIT Kerberos 5:
* VU#220816 - MIT Kerberos 5 telnet daemon allows login as
The telnet daemon included with the MIT Kerberos administration
daemon contains a vulnerability that may allow a remote,
unauthorized user to log on to the system with elevated
* VU#704024 - MIT Kerberos 5 administration daemon stack overflow
The MIT Kerberos administration daemon contains a vulnerability
in the way the krb5_klog_syslog() function handles specially
crafted strings that may allow a remote, authenticated attacker
to execute arbitrary code. Other server applications that call
krb5_klog_syslog() may also be affected. This vulnerability can
be triggered by sending a specially crafted Kerberos message to a
* VU#419344 - MIT Kerberos 5 GSS-API library double-free
A vulnerability exists in the way that the GSS-API library
provided with MIT krb5 handles messages with an invalid direction
encoding, resulting in a double free which may allow a remote,
authenticated attacker to execute arbitrary code. Other server
applications that utilize the RPC library or the GSS-API library
provided with MIT Kerberos may also be affected. This
vulnerability can be triggered by sending a specially crafted
Kerberos message to a vulnerable system.
In the case of VU#220816 a remote attacker could log on to the
system via telnet and gain elevated privileges.
In the case of VU#704024 and VU#419344, a remote, authenticated
attacker may be able to execute arbitrary code on KDCs, systems
running kadmind, and application servers that use the RPC or
GSS-API libraries. An attacker could also cause a denial of service
on any of these systems. As a secondary impact, either one of these
vulnerabilities could result in the compromise of both the KDC and
an entire Kerberos realm.
Check with your vendors for patches or updates. For information
about a vendor, please see the systems affected section in the
individual vulnerability notes or contact your vendor directly.
Alternatively, apply the appropriate source code patches referenced
in MITKRB5-SA-2007-001, MITKRB5-SA-2007-002, and
MITKRB5-SA-2007-003 and recompile.
These vulnerabilities will also be addressed in krb5-1.6.1.
* US-CERT Vulnerability Note VU#220816 -
* US-CERT Vulnerability Note VU#704024 -
* US-CERT Vulnerability Note VU#419344 -
* MIT krb5 Security Advisory 2007-001 -
* MIT krb5 Security Advisory 2007-002 -
* MIT krb5 Security Advisory 2007-003 -
The most recent version of this document can be found at:
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA07-093B Feedback VU#202816" in the
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
Produced 2007 by US-CERT, a government organization.
April 03, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----
- Prev by Date: US-CERT Technical Cyber Security Alert TA07-093A -- Microsoft Update for Windows Animated Cursor Vulnerability
- Next by Date: US-CERT Technical Cyber Security Alert TA07-100A -- Microsoft Updates for Multiple Vulnerabilities
- Previous by thread: US-CERT Technical Cyber Security Alert TA07-093A -- Microsoft Update for Windows Animated Cursor Vulnerability
- Next by thread: US-CERT Technical Cyber Security Alert TA07-100A -- Microsoft Updates for Multiple Vulnerabilities