Key Distribution Center
MIT krb5 Security Advisory 2011-002
Original release: 2011-02-08
Last update: 2011-02-08
Topic: KDC denial of service attacks
CVE-2011-0281: KDC vulnerable to hang when using LDAP back end
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C
MIT krb5 Security Advisory 2011-006
Original release: 2011-10-18
Last update: 2011-10-18
Topic: KDC denial of service vulnerabilities
CVE-2011-1527: null pointer dereference in KDC LDAP back end
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C
Topic: Multiple checksum handling vulnerabilities
CVE-2010-1324
* krb5 GSS-API applications may accept unkeyed checksums
* krb5 application services may accept unkeyed PAC checksums
* krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:C/A:N/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 7.1
MIT krb5 Security Advisory 2008-001
Original release: 2008-03-18
Last update: 2008-03-18
Topic: double-free, uninitialized data vulnerabilities in krb5kdc
CVE-2008-0062
VU#895609
Use of a null or dangling pointer in the MIT Kerberos KDC can result
in a crash or double-free, and may leak portions of process memory to
MIT krb5 Security Advisory 2011-007
Original release: 2011-12-06
Last update: 2011-12-06
Topic: KDC null pointer dereference in TGS handling
CVE-2011-1530
KDC null pointer dereference in TGS handling
Problem Description:
Multiple vulnerabilities have been found and corrected in krb5:
The kdb_ldap plugin in the Key Distribution Center (KDC) in
MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP
back end is used, allows remote attackers to cause a denial of
service (NULL pointer dereference and daemon crash) via a kinit
operation with incorrect string case for the realm, related to the
is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal,
MIT krb5 Security Advisory 2011-003
Original release: 2011-03-15
Last update: 2011-03-15
Topic: KDC vulnerable to double-free when PKINIT enabled
CVE-2011-0284
CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Problem Description:
Multiple vulnerabilities have been found and corrected in krb5:
The krb5_ldap_lockout_audit function in the Key Distribution Center
(KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through
1.9.1, when the LDAP back end is used, allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via unspecified
vectors, related to the locked_check_p function (CVE-2011-1528).
The lookup_lockout_policy function in the Key Distribution Center (KDC)
MIT krb5 Security Advisory 2010-001
Original release: 2010-02-16
Last update: 2010-02-16
Topic: krb5-1.7 KDC denial of service
CVE-2010-0283
krb5-1.7 KDC denial of service
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:O/RC:C
MITKRB5-SA-2010-004
MIT krb5 Security Advisory 2010-004
Original release: 2010-04-20
Topic: double free in KDC
CVE-2010-1320
CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1528 CVE-2011-1529
It was discovered that the Key Distribution Center (KDC) in Kerberos 5
crashes when processing certain crafted requests:
CVE-2011-1528
When the LDAP backend is used, remote users can trigger
a KDC daemon crash and denial of service.
Report Confidence: Confirmed
SUMMARY
=======
The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to
a denial-of-service attack triggered by invalid network input. If a
kpropd worker process receives invalid input that causes it to exit
with an abnormal status, it can cause the termination of the listening
process that spawned it, preventing the slave KDC it was running on
from receiving database updates from the master KDC.
Background
==========
MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol. kadmind is the MIT Kerberos 5 administration daemon,
KDC is the Key Distribution Center.
Affected packages
=================
-------------------------------------------------------------------
MIT krb5 Security Advisory 2009-003
Original release: 2009-12-28
Last update: 2009-12-28
Topic: KDC denial of service in cross-realm referral processing
CVE-2009-3295
KDC denial of service in cross-realm referral processing
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
MITKRB5-SA-2010-006
MIT krb5 Security Advisory 2010-006
Original release: 2010-10-05
Topic: KDC uninitialized pointer crash in authorization data handling
CVE-2010-1322
CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C/E:H/RL:OF/RC:C
Impact
======
A remote attacker may be able to execute arbitrary code with the
privileges of the administration daemon or the Key Distribution Center
(KDC) daemon, cause a Denial of Service condition, or possibly obtain
sensitive information. Furthermore, a remote attacker may be able to
spoof Kerberos authorization, modify KDC responses, forge user data
messages, forge tokens, forge signatures, impersonate a client, modify
user-visible prompt text, or have other unspecified impact.
IMPACT
======
[CVE-2009-0846] An unauthenticated, remote attacker could cause a
Kerberos application, including the Kerberos administration daemon
(kadmind) or the KDC to crash, and possibly to execute arbitrary code.
Compromise of the KDC or kadmind can compromise the Kerberos key
database and host security on the KDC host. (The KDC and kadmind
typically run as root.) We believe this scenario is highly unlikely,
given the details of the vulnerability.
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-0062 CVE-2008-0063 CVE-2008-0947
Several remote vulnerabilities have been discovered in the kdc component
of krb5, a system for authenticating users and services on a
network.
CVE-2008-0062
Problem Description:
A vulnerability was discovered and corrected in krb5:
The MIT Kerberos 5 Key Distribution Center (KDC) daemon is vulnerable
to a double-free condition if the Public Key Cryptography for Initial
Authentication (PKINIT) capability is enabled, resulting in daemon
crash or arbitrary code execution (which is believed to be difficult)
(CVE-2011-0284).
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.8
Ubuntu 9.10:
krb5-kdc 1.7dfsg~beta3-1ubuntu0.9
krb5-kdc-ldap 1.7dfsg~beta3-1ubuntu0.9
Problem Description:
Multiple vulnerabilities were discovered and corrected in krb5:
The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
to denial of service attacks from unauthenticated remote attackers
(CVE-2011-0281, CVE-2011-0282).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
[CVE-2009-0847]
MIT krb5 can perform an incorrect length check inside an ASN.1
decoder. This only presents a problem in the PK-INIT code paths. In
the MIT krb5 KDC or kinit program, this could lead to spurious
malloc() failures or, under some conditions, program crash. We have
heard reports of the spurious malloc() failures, but nobody has yet
publicly made the connection to a security issue.
IMPACT
======
An unauthenticated remote attacker can, by inducing the decryption of
an invalid AES or RC4 ciphertext, cause a crash or heap corruption,
or, under extraordinarily unlikely conditions, arbitrary code
execution. A successful code-execution attack against a KDC can
compromise all services relying on that KDC for authentication.
However, the most probable outcome is a crash due to a memory fault or
abort() call. An attacker with a valid account in the relevant
Kerberos realm has a marginally higher chance of success to execute
arbitrary code, but the probability is still very low. Therefore, the
Problem Description:
A vulnerability was discovered and corrected in krb5:
The merge_authdata function in kdc_authdata.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does
not properly manage an index into an authorization-data list, which
allows remote attackers to cause a denial of service (daemon crash),
or possibly obtain sensitive information, spoof authorization,
or execute arbitrary code, via a TGS request, as demonstrated by a
ESX 2.5.5: ESX 2.5.5 Upgrade Patch 8
ESX 2.5.4: ESX 2.5.4 Upgrade Patch 19
d. Security update for krb5
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable
for some krb4 message types, which allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary
code via crafted messages that trigger a NULL pointer dereference
or double-free.
Problem Description:
A vulnerability has been discovered and corrected in krb5:
The process_tgs_req function in do_tgs_req.c in the Key Distribution
Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows
remote authenticated users to cause a denial of service (NULL pointer
dereference and daemon crash) via a crafted TGS request that triggers
an error other than the KRB5_KDB_NOENTRY error (CVE-2011-1530).
The updated packages have been patched to correct this issue.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
krb5-kdc 1.7dfsg~beta3-1ubuntu0.12
Ubuntu 10.04 LTS:
krb5-kdc 1.8.1+dfsg-2ubuntu0.8
Ubuntu 10.10:
Details follow:
It was discovered that Kerberos did not properly determine the
acceptability of certain checksums. A remote attacker could use certain
checksums to alter the prompt message, modify a response to a Key
Distribution Center (KDC) or forge a KRB-SAFE message. (CVE-2010-1323)
It was discovered that Kerberos did not properly determine the
acceptability of certain checksums. A remote attacker could use certain
checksums to forge GSS tokens or gain privileges. This issue only affected
Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-1324)