CERT-In Advisory CIAD-2007-47
MIT Kerberos Multiple Vulnerabilities
Original issue date:
September 6, 2007
Severity Rating: High
Systems Affected
Overview
Multiple vulnerabilities have been reported in the MIT krb5 Kerberos administration daemon (kadmind) which could be exploited by a remote authenticated attacker to execute arbitrary code on the affected system or cause a denial of service.
Description
1. MIT Kerberos "svcauth_gss_validate()" Buffer Overflow Vulnerability (CVE-2007-3999)
A stack-based buffer overflow vulnerability has been reported in the MIT krb5 Kerberos administration daemon (kadmind). It is caused by a boundary error in the implementation of the RPCSEC_GSS authentication type, in the "svcauth_gss_validate()" function in src/lib/rpc/svc_auth_gss.c. A remote, authenticated attacker could exploit the vulnerability to execute arbitrary code on the affected system via a long string in an RPC message.
Other applications using krb5 are also affected.
2. MIT Kerberos "kadm5_modify_policy_internal()" Uninitialized Pointer Vulnerability (CVE-2007-4000)
A vulnerability has been reported in the MIT Kerberos administration daemon (kadmind) because the "kadm5_modify_policy_internal()" function in lib/kadm5/srv/svr_policy.c does not properly check the return values of the "krb5_db_get_policy()" function. A remote authenticated attacker with the "modify policy" privilege could exploit the vulnerability to execute arbitrary code via unspecified vectors that could trigger a write to an uninitialized pointer.
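The boundary check whose absence produces the kind of overflow described in item 1 (a sender-declared length copied into a fixed-size buffer), as an added C example. It is not MIT krb5 code: `encode_cred`, `struct opaque_cred`, `HDR_BUF_SIZE` and `OPAQUE_MAX` are hypothetical names with constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_BUF_SIZE 128   /* constructed: fixed scratch buffer for the header */
#define OPAQUE_MAX   400   /* constructed: protocol-level cap on the opaque body */

/* Hypothetical length-prefixed credential as received from the peer. */
struct opaque_cred {
    uint32_t flavor;
    uint32_t length;             /* declared by the sender, untrusted */
    const unsigned char *body;   /* caller guarantees `length` readable bytes */
};

static size_t put_u32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
    return 4;
}

/*
 * Serialize flavor, length and body (zero-padded to 4 bytes, XDR style) into
 * out. Returns the number of bytes written, or -1 if the input is rejected.
 */
long encode_cred(const struct opaque_cred *c, unsigned char *out, size_t out_size)
{
    size_t padded, off = 0;

    if (c->length > OPAQUE_MAX)                  /* protocol cap */
        return -1;
    padded = ((size_t)c->length + 3u) & ~(size_t)3u;
    /* The protocol cap can exceed the local buffer, so the space that
     * remains after the two 4-byte fields is checked as well. */
    if (out_size < 8 || padded > out_size - 8)
        return -1;
    if (c->length > 0 && c->body == NULL)
        return -1;

    off += put_u32(out + off, c->flavor);
    off += put_u32(out + off, c->length);
    if (c->length > 0)
        memcpy(out + off, c->body, c->length);
    memset(out + off + c->length, 0, padded - c->length);
    return (long)(off + padded);
}
```

A length that is legal for the protocol (400 here) is still rejected when the destination is the 128-byte buffer, which is the case a cap-only check would miss.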
Solution
Apply the appropriate patch as provided by the vendor: http://web.mit.edu/kerberos/advisories/2007-006-patch.txt
Vendor Information
MIT Kerberos
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-006.txt
References
REDHAT
http://www.redhat.com/support/errata/RHSA-2007-0858.html
SECUNIA
http://secunia.com/advisories/26676/
CVE-Name
CVE-2007-3999
CVE-2007-4000
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
