CERT-In Vulnerability Note CIVN-2009-40
Solaris Kerberos Incremental Propagation Remote Denial of Service Vulnerability
Original Issue Date: March 31, 2009
Severity Rating:
High
Systems Affected
- Sun Solaris 10 (SPARC and x86) without the patches listed under Solutions
- OpenSolaris builds prior to snv_111
Overview
A vulnerability has been reported in the Sun Solaris Kerberos server which could allow an unauthenticated remote user to cause a Denial of Service condition by preventing incremental database propagation from the master KDC to slave KDCs.
Description
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
This vulnerability exists because the Kerberos Incremental Propagation daemon (kpropd) does not properly time out. Successful exploitation allows an unauthenticated remote user who can reach a master Key Distribution Center (KDC) server to prevent incremental propagation requests from being delivered to slave KDC servers, causing a Denial of Service (DoS) condition in which the slave KDCs no longer receive database updates.
Solutions
SPARC Platform
- Solaris 10 with patch 138371-05 or later
- Opensolaris based upon build snv_111 or later
x86 Platform
- Solaris 10 with patch 138372-05 or later
- Opensolaris based upon build snv_111 or later
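The following script is an added verification aid; it is not part of the CERT-In note and not Sun's code. It decides whether a Solaris 10 host carries the fixed revision of the kpropd patch (138371-05 on SPARC, 138372-05 on x86) by parsing the output of `showrev -p`. It assumes the "Patch: NNNNNN-RR ..." line format that `showrev -p` prints and the `sparc`/`i386` values returned by `uname -p`; the SAMPLE_SHOWREV and FIXED_SHOWREV strings are constructed sample output, not captured from a real system. A patch revision higher than the minimum is accepted, matching the "or later" wording in Solutions.

```shell
#!/bin/sh
# Added example (not from the CERT-In note or Sun): check whether the
# Solaris 10 kpropd fix is installed by parsing `showrev -p` output.
# Assumes the "Patch: NNNNNN-RR Obsoletes: ... Packages: ..." line format.

# highest_rev BASE SHOWREV_OUTPUT
# Prints the highest installed revision (as a decimal integer) of patch
# BASE found in SHOWREV_OUTPUT, or nothing if the patch is not installed.
highest_rev() {
    base=$1
    printf '%s\n' "$2" \
      | awk -v base="$base" '
          BEGIN { best = -1 }
          $1 == "Patch:" {
              split($2, p, "-")                 # p[1]=base id, p[2]=revision
              if (p[1] == base && p[2] + 0 > best) best = p[2] + 0
          }
          END { if (best >= 0) printf "%d\n", best }'
}

# patch_ok BASE MIN_REV SHOWREV_OUTPUT
# Exit 0 if patch BASE is installed at revision MIN_REV or later.
patch_ok() {
    rev=$(highest_rev "$1" "$3")
    [ -n "$rev" ] && [ "$rev" -ge "$2" ]
}

# kpropd_patch_ok ARCH SHOWREV_OUTPUT
# ARCH is the value printed by `uname -p` (sparc or i386, assumption).
# Exit 0 if the fixed kpropd patch for that platform is installed,
# 1 if it is missing or too old, 2 for an unknown platform.
kpropd_patch_ok() {
    case $1 in
        sparc) patch_ok 138371 05 "$2" ;;
        i386)  patch_ok 138372 05 "$2" ;;
        *)     return 2 ;;
    esac
}

# Constructed sample output (not captured from a real host): the kpropd
# patch is present only at revision 04, so the host is still vulnerable.
SAMPLE_SHOWREV='Patch: 119254-66 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 138371-04 Obsoletes:  Requires: 119254-58 Incompatibles:  Packages: SUNWkdcu SUNWkdcr'

# Constructed sample where revision 05 has since been added on SPARC.
FIXED_SHOWREV="$SAMPLE_SHOWREV
Patch: 138371-05 Obsoletes: 138371-04 Requires:  Incompatibles:  Packages: SUNWkdcu SUNWkdcr"

# Run against the live system only when invoked as: sh check_kpropd.sh --live
# (requires Solaris 10; on other systems uname -p and showrev differ or are absent).
if [ "${1:-}" = "--live" ]; then
    if kpropd_patch_ok "$(uname -p)" "$(showrev -p)"; then
        echo "kpropd fix (CVE-2009-0923) is installed"
    else
        echo "kpropd fix (CVE-2009-0923) is MISSING or the platform is unknown"
    fi
fi
```

Run it with `--live` on each master KDC after patching, and on OpenSolaris check `uname -v` for a build of snv_111 or later instead, since `showrev -p` does not apply there. Independently of the patch, limiting which hosts can reach the kprop service port (krb_prop, 754/tcp) on the master KDC to the slave KDCs reduces who can trigger this condition at all.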
Vendor Information
Sun
http://sunsolve.sun.com/search/document.do?assetkey=1-66-249926-1
References
Sun
http://sunsolve.sun.com/search/document.do?assetkey=1-66-249926-1
SecurityTracker
http://www.securitytracker.com/alerts/2009/Mar/1021851.html
SecurityFocus
http://www.securityfocus.com/bid/34139
Secunia
http://secunia.com/advisories/34298/
ISS XFORCE
http://xforce.iss.net/xforce/xfdb/49276
CVE Name
CVE-2009-0923
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003