Published: 2007-04-06T02:05+00:00    Last Updated: 2007-04-13T03:16+00:00

MIT Kerberos Vulnerabilities


The MIT Kerberos 5 implementation contains several vulnerabilities. One of these vulnerabilities (VU#220816) could allow a remote, unauthenticated attacker to log in via telnet (23/tcp) with elevated privileges. The other vulnerabilities (VU#704024, VU#419344) could allow a remote, authenticated attacker to execute arbitrary code on a Key Distribution Center (KDC).

Event Information

Date (UTC)    Description
2007-04-10 Bugtraq
Kerberos Version 1.5.1 Kadmind Remote Root Buffer Overflow Vulnerability
Vulnerability Proof Of Concept (CVE-2007-0957)
#Cid: 23285.txt
2007-04-04 SANS Internet Storm Center
telnetd deja vu, this time it is Kerberos 5 telnetd
It seems like it was just a couple of weeks ago that we noted issues with the Solaris telnetd. A couple of our readers took exception to our statement in the earlier story that telnet shouldn't be open to the internet.
2007-04-03 23:57 US-CERT
TA07-093B: MIT Kerberos Vulnerabilities
Via US-CERT Mailing List
2007-04-03 17:56 MIT
MIT krb5 Security Advisory 2007-003: double-free vulnerability in kadmind (via GSS-API library)
The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library.
2007-04-03 17:56 MIT
MIT krb5 Security Advisory 2007-002: KDC, kadmind stack overflow in krb5_klog_syslog
The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind) as well as the KDC are vulnerable.
2007-04-03 17:56 MIT
MIT krb5 Security Advisory 2007-001: telnetd allows login as arbitrary user
The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary user, when presented with a specially crafted username.
2007-02-08 iDefense
Multiple Vendor Kerberos kadmind Buffer Overflow Vulnerability
A buffer overflow exists in krb5_klog_syslog (CVE-2007-0957)
Vulnerability Reported