SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   MIT
Microsoft Windows Kerberos Ticket-Granting-Ticket Processing Flaw Lets Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1023566
SecurityTracker URL:  http://securitytracker.com/id/1023566
CVE Reference:   CVE-2010-0035   (Links to External Site)
Date:  Feb 9 2010
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Kerberos on Microsoft Windows. A remote authenticated user can cause denial of service conditions.

A remote authenticated user on a non-Windows realm can send specially crafted Ticket-Granting-Ticket renewal requests to cause the target Windows domain controller to stop responding.

Mixed-mode Kerberos implementations are affected.

Impact:   A remote authenticated user can cause the target Windows domain controller to stop responding.
Solution:   Microsoft has issued the following fixes:

Microsoft Windows 2000 Server Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=56a9afba-a6ee-4fb9-ba85-e51d9f94de27

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=738e2fda-96fc-413d-a5c7-74b1fac1d6b3

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=f8ad539d-8191-4864-977b-ad4e31c04ba0

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=d549c927-add7-4d83-bfc7-15dc35663dfb

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=75327470-0f14-4cdd-bcb7-64684c61c267

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7d0f8f81-fc10-450a-a653-06f89acba9fa

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-014.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-014.mspx (Links to External Site)
Cause:   Not specified
Underlying OS:  Windows (2000), Windows (2003), Windows (2008)
Underlying OS Comments:  2000 SP4, 2003 SP2, 2008 SP2; and prior service packs

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC