SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   Microsoft, MIT
Windows Kerberos Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1025048
SecurityTracker URL:  http://securitytracker.com/id/1025048
CVE Reference:   CVE-2011-0043, CVE-2011-0091   (Links to External Site)
Updated:  Mar 17 2011
Original Entry Date:  Feb 9 2011
Impact:   Modification of authentication information, Modification of system information, Modification of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Two vulnerabilities were reported in Kerberos on Windows. A local user can obtain elevated privileges on the target system.

The Microsoft Kerberos implementation supports a weak hashing mechanism [CVE-2011-0043]. A local user can forge portions of a Kerberos service ticket to obtain a token with elevated privileges on the target system.

The MIT Kerberos Team reported this vulnerability.

A local user can downgrade Kerberos authentication to use DES and impersonate a valid user's credentials or forge Kerberos traffic. Windows 7 and Windows Server 2008 R2 are affected.

Scott Stender of iSEC Partners for reporting the Kerberos Spoofing Vulnerability (CVE-2011-0091)

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=486D1969-6814-4556-8DC0-5BFBAEE528B0

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=A210C796-7077-4617-A9A8-9EA99FE11A5E

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=8A1E2675-0BF0-4D94-B48A-6E846DD6D9F5

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E79BBBD4-8D5A-4C4C-8427-21C14400F041

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=856FBCC2-EAD9-4EC1-92DD-988E6D22DAE9

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=FFED7C76-0B75-4F57-9B63-3961A8B449F6

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=C26CEBCF-683F-4A51-BE75-76535FB979A7

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=46BB3EF1-24C3-41CB-8141-0FDBD85093F7

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=01737933-E7DE-451B-B02F-B7CA24693965

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-013.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms11-013.mspx (Links to External Site)
Cause:   State error
Underlying OS:  Windows (2003), Windows (2008), Windows (7), Windows (XP)
Underlying OS Comments:  XP SP3, 2003 SP2, 2008 R2 SP1, 7 SP1; and prior service packs

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC