SSH Client Kerberos 5 TGT Overflow

1998-11-04T20:38:00
ID OSVDB:4883
Type osvdb
Reporter OSVDB
Modified 1998-11-04T20:38:00

Description

Vulnerability Description

A remote overflow exists in the commercial ssh client. When Kerberos V is enabled, the ssh client fails to correctly parse a long DNS hostname containing 128 bytes or more during TGT passing, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service or execute arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 1.2.27 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.
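
The flaw described above is a peer-supplied DNS name copied into a fixed-size buffer without a length check. The following is an added example, not code from the ssh client or the vendor patch: a hypothetical `copy_hostname` that validates first, rejects names of 128 bytes or more instead of truncating them, and only then copies. `HOST_BUF_LEN`, the result codes and the character whitelist are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the record gives 128 bytes as the overflow threshold. */
#define HOST_BUF_LEN 128

enum { HOST_OK = 0, HOST_EMPTY = -1, HOST_TOO_LONG = -2, HOST_BAD_CHAR = -3 };

/* Hypothetical helper: copy an untrusted DNS name into a fixed buffer.
 * Over-long names are rejected, not truncated: a truncated hostname names a
 * different host, which matters when it selects a Kerberos service principal. */
static int copy_hostname(char dst[HOST_BUF_LEN], const char *src)
{
    size_t len;

    dst[0] = '\0';                      /* dst is always a valid string */
    if (src == NULL || src[0] == '\0')
        return HOST_EMPTY;

    /* Bounded scan: reads at most HOST_BUF_LEN bytes of src. */
    for (len = 0; len < HOST_BUF_LEN && src[len] != '\0'; len++) {
        unsigned char c = (unsigned char)src[len];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '-' || c == '.';
        if (!ok)
            return HOST_BAD_CHAR;
    }
    if (len == HOST_BUF_LEN)            /* no NUL within the buffer size */
        return HOST_TOO_LONG;

    memcpy(dst, src, len + 1);          /* len + 1 <= HOST_BUF_LEN */
    return HOST_OK;
}

int main(void)
{
    char buf[HOST_BUF_LEN], big[HOST_BUF_LEN + 1];

    /* Constructed inputs: a short name and a 128-byte name. */
    memset(big, 'a', HOST_BUF_LEN);
    big[HOST_BUF_LEN] = '\0';
    printf("short: %d\n", copy_hostname(buf, "host.example.test"));
    printf("128 bytes: %d\n", copy_hostname(buf, big));
    return 0;
}
```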

References:

Mail List Post: http://www.securityfocus.com/archive/1/11118/1998-10-30/1998-11-05/0
ISS X-Force ID: 8328
CVE-1999-1321