Published: 2007-04-06T02:05+00:00
Last Updated: 2007-04-13T03:16+00:00
TRTA07-093B
MIT Kerberos Vulnerabilities
Overview
The MIT Kerberos 5 implementation contains several vulnerabilities. One of these vulnerabilities (VU#220816) could allow a remote, unauthenticated attacker to log in via telnet (23/tcp) with elevated privileges. The other vulnerabilities (VU#704024, VU#419344) could allow a remote, authenticated attacker to execute arbitrary code on a Key Distribution Center (KDC).
Event Information
Date (UTC) | Description |
2007-04-10 | Bugtraq: Kerberos Version 1.5.1 Kadmind Remote Root Buffer Overflow Vulnerability. Vulnerability Proof Of Concept (CVE-2007-0957) #Cid: 23285.txt |
2007-04-04 | SANS Internet Storm Center: telnetd deja vu, this time it is Kerberos 5 telnetd. It seems like it was just a couple of weeks ago that we noted issues with the Solaris telnetd. A couple of our readers took exception to our statement in the earlier story that telnet shouldn't be open to the internet. |
2007-04-03 23:57 | US-CERT: TA07-093B: MIT Kerberos Vulnerabilities. Via US-CERT Mailing List |
2007-04-03 17:56 | MIT: MIT krb5 Security Advisory 2007-003: double-free vulnerability in kadmind (via GSS-API library). The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library. |
2007-04-03 17:56 | MIT: MIT krb5 Security Advisory 2007-002: KDC, kadmind stack overflow in krb5_klog_syslog. The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind) as well as the KDC, are vulnerable. |
2007-04-03 17:56 | MIT: MIT krb5 Security Advisory 2007-001: telnetd allows login as arbitrary user. The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary user, when presented with a specially crafted username. |
2007-02-08 | iDefense: Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability. A buffer overflow exists in krb5_klog_syslog (CVE-2007-0957). Vulnerability Reported |