Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, July 13, 2005

Security authentication system Kerberos flaws

The Massachusetts Institute of Technology has issued patches for three serious flaws in Kerberos v5, a widely used security authentication system.  The worst of the flaws could allow an attacker to gain access to an entire authentication realm, according to MIT.

One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system; MIT warned a successful attack could allow access to the entire authentication realm protected by the KDC.

Two of the flaws affect the Key Distribution Center (KDC), which authenticates users. One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system

A third flaw, affecting the krb5_recvauth() function, could allow a remote attacker to take over a system.  However, the but is a double-free error, where a program attempts to free memory that’s already been freed.  “Exploitation of double-free vulnerabilities is believed to be difficult,” MIT said in its advisory.

[Editors note:  Microsoft’s implementation of Kerberos should not be affected since they coded their particular implementation internally]

http://www.xatrix.org/article3963.html

Posted on 07/13
WarningsPermalink