[ISN] Kerberos bug bites

From: InfoSec News (isnat_private)
Date: Mon Oct 28 2002 - 04:12:23 PST

    Forwarded from: Elyn Wollensky <elynat_private>
    By John Leyden
    Posted: 25/10/2002 at 13:16 GMT
    A flaw has been identified in certain implementations of the widely
    used Kerberos authentication protocol. The flaw could be exploited by
    crackers to gain root access to authentication servers.

    The issue is serious, with at least one exploit known to exist in the
    wild, but there is a patch.

    All releases of MIT Kerberos 5, up to and including krb5-1.2.6, and
    all Kerberos 4 implementations derived from MIT Kerberos 4, including
    Cygnus Network Security (CNS), are affected by the high risk

    The US government Department of Energy's Computer Incident Advisory
    Capability (CIAC) team warns the problem is compounded because a
    potential attacker does not have to authenticate to an authentication
    server in order to carry out the attack. Because of the issue an
    attacker might be able to execute arbitrary code on the key distribution
    center (KDC), which authenticates users, and thereby compromise a
    Kerberos database.

    A stack buffer overflow in the implementation of the Kerberos v4
    compatibility administration daemon (kadmind4) of the MIT krb5
    distribution has been identified as the root cause of the problem. The
    kadmind4 daemon supplied with MIT krb5 is intended for use in sites
    that require compatibility with legacy administrative clients; sites
    that do not have this requirement are not likely to be running this

    MIT has published an advisory which advises sys admins with
    potentially vulnerable servers on how to fix the flaw.

    Kerberos, which was developed by MIT, is a very widely used means for
    securely authenticating a request for a service in a computer network.
    The name derives from Greek mythology, where Cerberus is the
    three-headed dog guarding the gates of Hades.
    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Mon Oct 28 2002 - 07:09:36 PST