Cyber Security Institute
§ Current Worries
Top 3 Worries
- Regulations
- Old Firewall Configurations
- Security Awareness
§ Listening
For the best information
- The underground
- Audible
- Executive Excellence
- Music (to keep me sane)
§ Watching
For early warnings
- 150 Security Websites
- AP Newsfeeds
- Vendors
Wednesday, July 13, 2005
Security authentication system Kerberos flaws
The Massachusetts Institute of Technology has issued patches for three serious flaws in Kerberos v5, a widely used security authentication system. The worst of the flaws could allow an attacker to gain access to an entire authentication realm, according to MIT.
One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system; MIT warned a successful attack could allow access to the entire authentication realm protected by the KDC.
Two of the flaws affect the Key Distribution Center (KDC), which authenticates users. One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system
A third flaw, affecting the krb5_recvauth() function, could allow a remote attacker to take over a system. However, the but is a double-free error, where a program attempts to free memory that’s already been freed. “Exploitation of double-free vulnerabilities is believed to be difficult,” MIT said in its advisory.
[Editors note: Microsoft’s implementation of Kerberos should not be affected since they coded their particular implementation internally]