CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.343 Low
Percentile: 97.0%

An unauthenticated attacker can cause the krb5_recvauth() function to free a block of memory twice, possibly leading to arbitrary code execution.
Kerberos is a network authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions.
MIT krb5 Security Advisory 2005-003, issued 2005 July 12 and available from
<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>, states:
The krb5_recvauth() function can free previously freed memory under some error conditions. This vulnerability may allow an unauthenticated remote attacker to execute arbitrary code. Exploitation of this vulnerability on a Kerberos Key Distribution Center (KDC) host can result in compromise of an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of double-free vulnerabilities is believed to be difficult.
An unauthenticated attacker may be able to execute arbitrary code in the context of a program calling krb5_recvauth(). This includes the kpropd program which typically runs on slave Key Distribution Center (KDC) hosts, potentially leading to compromise of an entire Kerberos realm. For more information please see the MIT krb5 Security Advisory 2005-003.
Apply patches available from your vendor. Details of the patch are also available from
<http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt>.
Updated: July 12, 2005
Affected
`-----BEGIN PGP SIGNED MESSAGE-----
MIT krb5 Security Advisory 2005-003
Original release: 2005-07-12
Topic: double-free in krb5_recvauth
Severity: CRITICAL
The krb5_recvauth() function can free previously freed memory under
some error conditions. This vulnerability may allow an
unauthenticated remote attacker to execute arbitrary code.
Exploitation of this vulnerability on a Kerberos Key Distribution
Center (KDC) host can result in compromise of an entire Kerberos
realm. No exploit code is known to exist at this time. Exploitation
of double-free vulnerabilities is believed to be difficult.
[CAN-2005-1689, VU#623332]
An unauthenticated attacker may be able to execute arbitrary code in
the context of a program calling krb5_recvauth(). This includes the
kpropd program which typically runs on slave Key Distribution Center
(KDC) hosts, potentially leading to compromise of an entire Kerberos
realm. Other vulnerable programs which call krb5_recvauth() are
usually remote login programs running with root privileges.
Unsuccessful attempts at exploitation may result in denial of service
by crashing the target program.
The kpropd daemon in all releases of MIT krb5, up to and including
krb5-1.4.1, is vulnerable.
The klogind and krshd remote-login daemons in all releases of MIT
krb5, up to and including krb5-1.4.1, are vulnerable.
Third-party application programs which call krb5_recvauth() are also
vulnerable.
The upcoming krb5-1.4.2 release will have a fix for this
vulnerability.
Apply the following patch. This patch was generated against the
krb5-1.4.1 release. It may apply, with some offset, to earlier
releases.
The patch may also be found at:
<http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt>
The associated detached PGP signature is at:
<http://web.mit.edu/kerberos/advisories/2005-003-patch_1.4.1.txt.asc>
RCS file: /cvs/krbdev/krb5/src/lib/krb5/krb/recvauth.c,v
retrieving revision 5.38
diff -c -r5.38 recvauth.c
*** lib/krb5/krb/recvauth.c 3 Sep 2002 01:13:47 -0000 5.38
This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:
<http://web.mit.edu/kerberos/advisories/index.html>
The main MIT Kerberos web page is at:
<http://web.mit.edu/kerberos/index.html>
CVE: CAN-2005-1689
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689>
CERT: VU#623332
<http://www.kb.cert.org/vuls/id/623332>
Thanks to Magnus Hagander for reporting this vulnerability.
The helper function recvauth_common() in lib/krb5/krb/recvauth.c has
two locations which call krb5_read_message(), followed by an
unconditional krb5_xfree() of the buffer allocated by
krb5_read_message(). In the cases where the sendauth version string
or the application version string do not match the expected value,
recvauth_common() performs a krb5_xfree() on the buffer allocated by
krb5_read_message() preceding the subsequent unconditional call to
krb5_xfree() on the same buffer.
Since the code paths which call krb5_xfree() twice do so with almost
no intervening code, exploitation of this vulnerability may be more
difficult than exploitation of other double-free vulnerabilities. No
detailed analysis has been performed on the ease of exploitation.
2005-05-12 original release
Copyright © 2005 Massachusetts Institute of Technology
`
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
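The double-free pattern described in the advisory's details paragraph, reduced to a self-contained C sketch. This is an added example, not code from MIT krb5 or from the advisory's patch; `read_message()`, `tracked_alloc()`, `tracked_free()`, the sample version strings and the single-release-point repair are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample value, not the real protocol string. */
#define EXPECTED_VERSION "SAMPLE_SENDAUTH_V1"

/* Quarantine tracker: each block carries a header flag and is deliberately
 * never returned to the heap, so a second free of the same block is counted
 * instead of corrupting allocator state. */
struct hdr { int freed; };
static int double_frees;

static void *tracked_alloc(size_t n) {
    struct hdr *h = malloc(sizeof *h + n);
    if (h == NULL) return NULL;
    h->freed = 0;
    return h + 1;
}

/* Hypothetical stand-in for krb5_xfree(). */
static void tracked_free(void *p) {
    struct hdr *h = (struct hdr *)p - 1;
    if (h->freed) double_frees++;   /* block was already released */
    h->freed = 1;
}

/* Hypothetical stand-in for krb5_read_message(): allocates the buffer. */
static char *read_message(const char *wire) {
    char *buf = tracked_alloc(strlen(wire) + 1);
    if (buf != NULL) strcpy(buf, wire);
    return buf;
}

/* Pattern from the advisory: free on mismatch, then free unconditionally. */
static int check_version_vulnerable(const char *wire) {
    int problem = 0;
    char *inbuf = read_message(wire);
    if (inbuf == NULL) return -1;
    if (strcmp(inbuf, EXPECTED_VERSION) != 0) {
        problem = 1;
        tracked_free(inbuf);        /* first free, mismatch path only */
    }
    tracked_free(inbuf);            /* second free when versions differ */
    return problem;
}

/* Assumed repair: record the mismatch, keep a single release point. */
static int check_version_fixed(const char *wire) {
    char *inbuf = read_message(wire);
    if (inbuf == NULL) return -1;
    int problem = strcmp(inbuf, EXPECTED_VERSION) != 0;
    tracked_free(inbuf);            /* only free, reached on every path */
    return problem;
}

/* Runs one check against one peer-supplied string and reports double frees. */
static int count_double_frees(int (*check)(const char *), const char *wire) {
    double_frees = 0;
    check(wire);
    return double_frees;
}

int main(void) {
    printf("vulnerable, mismatch: %d double free(s)\n",
           count_double_frees(check_version_vulnerable, "BOGUS_V0"));
    printf("fixed, mismatch:      %d double free(s)\n",
           count_double_frees(check_version_fixed, "BOGUS_V0"));
    return 0;
}
```

The mismatch path is driven by data the peer sends before any authentication has completed, which is why the advisory treats the flaw as reachable by an unauthenticated attacker.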
Notified: June 06, 2005 Updated: July 12, 2005
Affected
Red Hat, Inc
This issue affects the Kerberos packages shipped with Red Hat Enterprise
Linux. For Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux 3
this issue is critical severity. Please see our advisory for more
information:
<https://rhn.redhat.com/errata/RHSA-2005-562.html>
Red Hat Enterprise Linux 4 contains checks within glibc that detect
double-free flaws. Therefore on Red Hat Enterprise Linux 4 successful
exploitation of this issue can only lead to a denial of service (KDC
crash) which is important severity. Please see our advisory for more
information:
<https://rhn.redhat.com/errata/RHSA-2005-567.html>
Notified: June 06, 2005 Updated: July 13, 2005
Affected
Sun is affected by the Kerberos vulnerability described in MIT Advisory MITKRB5-SA-2005-003 and CERT VU#623332. Sun has published Sun Alert 101810 which is available here:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-101810-1>
for this issue.
The Sun Alert is currently unresolved but will be updated once either IDRs or T-patches are available on SunSolve. The Sun Alert will ultimately be updated with the released patch information for the final resolution.
Notified: June 06, 2005 Updated: June 09, 2005
Not Affected
Check Point products are not vulnerable to this issue.
Notified: June 06, 2005 Updated: June 06, 2005
Not Affected
F5 products do not include a KDC. No F5 products are vulnerable.
Notified: June 06, 2005 Updated: June 07, 2005
Not Affected
Force10 does not implement Kerberos in its products, so we do not need to be listed as a vendor in the vulnerability note.
Notified: May 10, 2005 Updated: July 12, 2005
Not Affected
NOT VULNERABLE
Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.
Notified: June 06, 2005 Updated: July 12, 2005
Not Affected
Juniper Networks’ products do not employ Kerberos in any configuration. Juniper’s products are not subject to exploitation via the vulnerability in the MIT krb5 software described in VU#623332.
Notified: June 06, 2005 Updated: June 06, 2005
Not Affected
At this point, we have determined that there are no Microsoft products affected by this vulnerability.
Notified: June 06, 2005 Updated: June 09, 2005
Not Affected
netfilter/iptables does not implement kerberos and is therefore not affected.
Notified: June 06, 2005 Updated: July 12, 2005
Not Affected
WatchGuard believes that it is not affected by this vulnerability. If you have further questions about this or any other security concern with WatchGuard products, please contact:
Steve Fallin
Director, Rapid Response Team
WatchGuard Technologies
<http://www.watchguard.com>
[email protected]
+1.206.521.8340
Notified: June 06, 2005 Updated: July 12, 2005
Unknown
We have not received a statement from the vendor.
Notified: June 06, 2005 Updated: August 08, 2005
Unknown
We have not received a statement from the vendor.
<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt>
This vulnerability was reported by the MIT Kerberos Development Team. The MIT Kerberos Development Team thanks Magnus Hagander for reporting this vulnerability.
This document was written by Robert Mead based on information in the MIT krb5 Security Advisory 2005-003.
CVE IDs: CVE-2005-1689
Severity Metric: 13.01
Date Public: