CERT Advisory: Vulnerability in Kerberos Can Lead to Remote System Access

Oct 25, 2002, 20:18

Multiple Kerberos distributions contain a remotely exploitable buffer overflow in the Kerberos administration daemon. A remote attacker could exploit this vulnerability to gain root privileges on a vulnerable system.

The CERT/CC has received reports that indicate that this vulnerability is being exploited. In addition, MIT advisory MITKRB5-SA-2002-002 notes that an exploit is circulating.

We strongly encourage sites that use vulnerable Kerberos distributions to verify the integrity of their systems and apply patches or upgrade as appropriate.

Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers. The Kerberos administration daemon (typically called kadmind) handles password change and other requests to modify the Kerberos database. The daemon runs on the master Key Distribution Center (KDC) server of a Kerberos realm.

The code that provides legacy support for the Kerberos 4 administration protocol contains a remotely exploitable buffer overflow. The vulnerable code does not adequately validate data read from a network request. This data is subsequently used as an argument to a memcpy() call, which can overflow a buffer allocated on the stack. An attacker does not have to authenticate in order to exploit this vulnerability, and the Kerberos administration daemon runs with root privileges.
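The following is an added illustration, not the kadmind source or part of the CERT text: a hypothetical parser for a simplified, length-prefixed administration request that applies the two length checks the advisory says the vulnerable code lacked, so that a claimed length from the network can never drive memcpy() past a fixed-size buffer. The 2-byte framing, the 64-byte buffer and the sample packets are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical framing: 2-byte big-endian length, then that many payload bytes. */
#define REQ_BUF_SIZE 64

typedef struct {
    unsigned char payload[REQ_BUF_SIZE];   /* fixed-size destination buffer */
    size_t len;
} admin_request_t;

/* Returns 0 on success, -1 if the packet is truncated, the claimed length
 * exceeds the bytes actually received, or it would not fit the buffer. */
int parse_admin_request(const unsigned char *pkt, size_t pkt_len, admin_request_t *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 2)
        return -1;
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    /* Check 1: the claimed length must be backed by bytes we really received. */
    if (claimed > pkt_len - 2)
        return -1;
    /* Check 2: the claimed length must fit the destination, or memcpy() overflows it. */
    if (claimed > sizeof out->payload)
        return -1;
    memcpy(out->payload, pkt + 2, claimed);
    out->len = claimed;
    return 0;
}

/* Constructed sample packets (not captured traffic). */
static const unsigned char sample_ok[] = { 0x00, 0x03, 'a', 'b', 'c' };
/* Claims 65535 payload bytes but carries one: the untrusted-length pattern in the advisory. */
static const unsigned char sample_lying_len[] = { 0xff, 0xff, 'x' };

int demo_ok_len(void)          /* expected: 3 */
{
    admin_request_t r;
    return parse_admin_request(sample_ok, sizeof sample_ok, &r) == 0 ? (int)r.len : -1;
}
int demo_lying_len(void)       /* expected: -1, rejected by check 1 */
{
    admin_request_t r;
    return parse_admin_request(sample_lying_len, sizeof sample_lying_len, &r);
}
int demo_too_big_for_buffer(void) /* 100 complete bytes: passes check 1, fails check 2 */
{
    unsigned char pkt[2 + 100] = { 0x00, 100 };   /* payload bytes left zeroed */
    admin_request_t r;
    return parse_admin_request(pkt, sizeof pkt, &r);
}
```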

Both Massachusetts Institute of Technology (MIT) and Kungl Tekniska Högskolan (KTH) Kerberos are affected, as well as operating systems, applications, and other Kerberos implementations that use vulnerable code derived from either the MIT or KTH distributions. In MIT Kerberos 5, the Kerberos 4 administration daemon is implemented in kadmind4. In KTH Kerberos 4 (eBones), the Kerberos administration daemon is implemented in kadmind. KTH Kerberos 5 (Heimdal) also implements the daemon in kadmind; however, the Heimdal daemon is only affected if compiled with Kerberos 4 support. Since the vulnerable Kerberos administration daemon is included in the MIT Kerberos 5 and KTH Heimdal distributions, both Kerberos 4 sites and Kerberos 5 sites that enable support for the Kerberos 4 administration protocol are affected.