Linux Today: Linux News On Internet Time.

Multiple holes in MIT Kerberos

Apr 09, 2009, 15:34 (0 Talkback[s])

" Attackers can reportedly exploit a weakness to cause a SPNEGO GSS-API application crash, including the Kerberos administration daemon (kadmind). A remote attack could also cause a key distribution center (KDC) or kinit program to crash.

"The developers also describe a vulnerability in the ASN.1 decoder that could allow an attacker to crash the Kerberos application and execute arbitrary malicious code. All attacks can be run remotely and do not require authentication."

Complete Story

Related Stories: