MIT Kerberos 5 krb524d krb5_rd_cred() Arbitrary Code Execution

2004-08-31T00:00:00
ID OSVDB:9408
Type osvdb
Reporter OSVDB
Modified 2004-08-31T00:00:00

Description

Vulnerability Description

Keberos contains a flaw that may allow a malicious user to execute arbitrary commaands. The issue is triggered when krb5_rd_cread() tries to free allready freed buffers that were returned by decode_krb5_enc_cred_part() when error occurs. It is possible that the flaw may allow compromise entire Kerberos realm if victim is running KDC resulting in a loss of integrity.

Solution Description

Upgrade to version 5-1.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Keberos contains a flaw that may allow a malicious user to execute arbitrary commaands. The issue is triggered when krb5_rd_cread() tries to free allready freed buffers that were returned by decode_krb5_enc_cred_part() when error occurs. It is possible that the flaw may allow compromise entire Kerberos realm if victim is running KDC resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1011106 Secunia Advisory ID:12408 Secunia Advisory ID:12412 Secunia Advisory ID:12503 Secunia Advisory ID:12694 Secunia Advisory ID:12413 Secunia Advisory ID:12414 Secunia Advisory ID:12411 Secunia Advisory ID:12410 Secunia Advisory ID:12457 Related OSVDB ID: 9407 Related OSVDB ID: 9409 Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000860 Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-350.html Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:088 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-09.xml Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml Other Advisory URL: http://www.debian.org/security/2004/dsa-543 ISS X-Force ID: 17158 CVE-2004-0643 CERT VU: 866472