SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   Kerberos Vendors:   MIT
(IBM Issues Fix for IBM DCE) MIT krb5 KDC Buffer Overflow in 'do_as_req' and 'do_tgs_req' May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016199
SecurityTracker URL:  http://securitytracker.com/id/1016199
CVE Reference:   CVE-2005-1174, CVE-2005-1175   (Links to External Site)
Date:  Jun 1 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): krb5-1.4.1 and prior versions
Description:   Two vulnerabilities were reported in the MIT krb5 Key Distribution Center (KDC) implementation. A remote user may be able to execute arbitrary code on the target system.

A remote user can send a specially crafted TCP connection to cause the KDC to attempt to free random memory and corrupt the heap [CVE: CAN-2005-1174]. This can cause denial of service conditions. Systems that accept TCP connections are affected.

A remote user can send the same kind of request via TCP or UDP to trigger a single-byte heap overflow [CVE: CAN-2005-1175]. The remote user may be able to execute arbitrary code.

The vendor reports that exploitation of these vulnerabilities is believed to be difficult.

The vulnerabilities reside in kdc/do_as_req.c' and 'kdc/do_tgs_req.c'.

The vendor credits Daniel Wachdorf with reporting these vulnerabilities.
Impact:   A remote user may be able to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm.
Solution:   IBM has issued a fix (APAR IY85474) for IBM DCE, which is affected by this Kerberos vulnerability.

The IBM notice is available at:

http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474
Vendor URL:  web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-002-kdc.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:   UNIX (AIX), UNIX (Solaris - SunOS)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 12 2005 MIT krb5 KDC Buffer Overflow in 'do_as_req' and 'do_tgs_req' May Let Remote Users Execute Arbitrary Code


 Source Message Contents
Date:  Thu, 1 Jun 2006 08:35:55 -0400
Subject:  IY85474: MIT KERBEROS VULNERABILITY NO # MITKRB5-SA-2005-002



http://www-1.ibm.com/support/docview.wss?uid=swg1IY85474

CVE-2005-1174
CVE-2005-1175


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC