Results 1 to 2 of 2

Thread: Kerberos related vulnerability

  1. #1
    Old Fart
    Join Date
    Jun 2002

    Kerberos related vulnerability

    Just a heads up for the *nix crowd out there.....

    The Kerberos Administration daemon (kadmind), which is used in connection with Kerberos authentication, contains a buffer overflow vulnerability in many implementations, mostly affecting Linux/UNIX. Since kadmind is the daemon that handles the password changes and other modification requests to the Kerberos database, it is a vital element of many, but not all, security systems based on Kerberos.

    A Symantec report says that this threat is due to "insufficient bounds checking" and that an exploitation of this vulnerability could allow the attacker to run arbitrary code on the system.
    CERT Advisory CA-2002-29, "Buffer Overflow in Kerberos Administration Daemon," indicates that this problem is found in both the MIT and the KTH versions of Kerberos. Specifically, there is a buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server.
    Risk level—serious
    Exploiting this vulnerability would give a remote attacker root privileges and complete control over the Kerberos authentication scheme for the affected systems. The Debian Security Advisories on Kerberos 4 and 5 confirm that exploit code is in circulation for this vulnerability, so it is a serious security hole and not just a theoretical problem.
    The original article is here.
    It also contains a list of Linux versions (Redhat, Mandrake, etc.) that may be vulnerable.
    u may be asked to signup to access this content....those who don't want to can always check out the CERT advisory.
    It isn't paranoia when you KNOW they're out to get you...

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Good find allenb1963, keep 'em coming...

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts