MIT Kerberos 5 allows unauthenticated attacker to cause MIT krb5 Key Distribution Center to free unallocated memory

Overview

An unauthenticated attacker can cause MIT krb5 Key Distribution Center (KDC) to free unallocated memory, possibly leading to arbitrary code execution.

Description

Kerberos is a network authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions.

The MIT krb5 Security Advisory 2005-002 issued 2005 July 12, available from
<<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt&gt;&gt; states:

The MIT krb5 Key Distribution Center (KDC) implementation can corrupt the heap by attempting to free memory at a random address when it receives a certain unlikely (but valid) request via a TCP connection. This attempt to free unallocated memory can result in a KDC crash and consequent denial of service. [CAN-2005-1174, VU#259798]

An unauthenticated attacker may be able to use this vulnerability to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of these vulnerabilities is believed to be difficult.

---

Impact

An unauthenticated attacker may be able to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. An unsuccessful attack against this heap corruption vulnerability may result in a denial of service by crashing the KDC process. According to the MIT krb5 Security Advisory 2005-002 this vulnerability affects the KDC implementation in all MIT krb5 releases supporting TCP client connections to the KDC. This includes krb5-1.3 and later releases, up to and including krb5-1.4.1.

---

Solution

Apply patches available from your vendor. Details of the patch are also available from

<http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt&gt;.

If patching can not be performed in a timely manner you could consider disabling TCP support in the KDC to avoid this vulnerability.

---

Vendor Information

259798

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Red Hat Inc. __ Affected

Notified: May 10, 2005 Updated: July 11, 2005

Status

Affected

Vendor Statement

Red Hat, Inc

This issue affects the Kerberos packages shipped with Red Hat Enterprise
Linux. For Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux 3
this issue is critical severity. Please see our advisory for more
information:

<https://rhn.redhat.com/errata/RHSA-2005-562.html&gt;

Red Hat Enterprise Linux 4 contains checks within glibc that detect
double-free flaws. Therefore on Red Hat Enterprise Linux 4 successful
exploitation of this issue can only lead to a denial of service (KDC
crash) which is important severity. Please see our advisory for more
information:

<https://rhn.redhat.com/errata/RHSA-2005-567.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Sun Microsystems Inc. __ Affected

Notified: May 10, 2005 Updated: July 13, 2005

Status

Affected

Vendor Statement

Sun is affected by the two Kerberos vulnerabilities described in MIT Advisory MITKRB5-SA-2005-002 and CERT VU#259798 and VU#885830. Sun has published Sun Alert 101809 which is available here:

<http://sunsolve.sun.com/search/document.do?assetkey=1-26-101809-1&gt;

for these issues.

The Sun Alert is currently unresolved but will be updated once either IDRs or T-patches are available on SunSolve. The Sun Alert will ultimately be updated with the released patch information for the final resolution.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

F5 Networks __ Not Affected

Notified: May 12, 2005 Updated: May 17, 2005

Status

Not Affected

Vendor Statement

F5 products do not include a KDC. No F5 products are vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Juniper Networks __ Not Affected

Notified: May 10, 2005 Updated: June 21, 2005

Status

Not Affected

Vendor Statement

Juniper Networks’ products do not employ Kerberos in any configuration. Juniper’s products are not subject to exploitation via the vulnerability in the MIT krb5.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Microsoft Corporation __ Not Affected

Notified: May 10, 2005 Updated: May 27, 2005

Status

Not Affected

Vendor Statement

At this point, we have determined that there are no Microsoft products affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft made the above statement on May 15, 2005.

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Apple Computer Inc. __ Unknown

Notified: May 10, 2005 Updated: May 10, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Conectiva __ Unknown

Notified: May 10, 2005 Updated: May 10, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Cray Inc. __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Debian __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

EMC Corporation __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Engarde __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

FreeBSD __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Fujitsu __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

HP __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Hitachi __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

IBM __ Unknown

Notified: May 10, 2005 Updated: May 10, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Immunix __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Ingrian Networks __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

KTH Kerberos __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

MandrakeSoft __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

MontaVista Software __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

NEC Corporation __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

NetBSD __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Nokia __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Novell __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Openwall GNU/*/Linux __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

QNX __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

SCO __ Unknown

Notified: May 10, 2005 Updated: May 10, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

SGI __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Sony Corporation __ Unknown

Notified: May 10, 2005 Updated: May 17, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

SuSE Inc. __ Unknown

Notified: May 10, 2005 Updated: May 13, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

TurboLinux __ Unknown

Notified: May 10, 2005 Updated: May 13, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Unisys __ Unknown

Notified: May 10, 2005 Updated: May 13, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

WRQ __ Unknown

Notified: May 10, 2005 Updated: May 13, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

Wind River Systems Inc. __ Unknown

Notified: May 10, 2005 Updated: May 10, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23259798 Feedback>).

View all 35 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt&gt;
• <http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt&gt;

Acknowledgements

This vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thank Daniel Wachdorf for reporting this vulnerability.

This document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-002.

Other Information

CVE IDs:	CVE-2005-1174
Severity Metric:	11.48 Date Public: