Category:   OS (Microsoft)  >   Kerberos
Vendors:   Microsoft
Microsoft Windows Kerberos and PKINIT Vulnerabilities Allow Denial of Service, Information Disclosure, and Spoofing
SecurityTracker Alert ID:  1014642
SecurityTracker URL:
CVE Reference:   CVE-2005-1981, CVE-2005-1982
Updated:  Jun 8 2008
Original Entry Date:  Aug 9 2005
Impact:   Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Windows 2000 SP4, XP SP1\SP2, XP Pro x64 Edition, Server 2003, SP1, Itanium-based Systems, Itanium-based Systems SP1, x64 Edition
Description:   Two vulnerabilities were reported in Microsoft Windows systems with Kerberos and PKINIT. A remote user can cause denial of service conditions, gain access to sensitive information about the network, or spoof a server on the network.

The Kerberos vulnerability can be exploited by a remote user to cause a denial of service for users trying to authenticate to Active Directory. The exploit is performed by sending a specially crafted message to a Windows domain controller that authenticates users in an Active Directory domain. The Active Directory authentication service may stop responding.

The PKINIT vulnerability can be exploited by a remote user with access to an authentication session between the target client and the target domain controller. The remote user can conduct a man-in-the-middle attack to modify certain network traffic from the domain controller to gain access to sensitive client communications. Users can be tricked into accessing a malicious server rather than the actual domain controller.

Windows 2000 and later versions use Kerberos as the default authentication protocol.

Tony Chin of Shell, Inc. reported the Kerberos vulnerability to Microsoft. Andre Scedrov and his team; Iliano Cervesato, Aaron Jaggard, Joe-Kai Tsay, and Chris Walstad reported the PKINIT vulnerability to Microsoft.

Impact:   A remote user can cause denial of service conditions.

A remote user with access to network traffic can spoof a server to gain access to sensitive information.

Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

Microsoft Windows XP Professional x64 Edition:

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

Microsoft Windows Server 2003 x64 Edition:

A restart of the system is required after the update is applied.

Vendor URL:
Cause:   Authentication error, Exception handling error

Message History:   None.
