Published: 2008-03-22T16:59+00:00
Last Updated: 2008-03-22T16:59+00:00
TRTA08-079B
MIT Kerberos Updates for Multiple Vulnerabilities
Overview
The MIT Kerberos implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, compromise the key database or cause a denial of service on a vulnerable system.
Event Information
Date (UTC) | Description |
2008-03-19 16:28 |
US-CERT TA08-079B: MIT Kerberos Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
2008-03-19 11:41 |
US-CERT MIT Kerberos Security Advisories US-CERT Current Activity MIT has released two Security Advisories to address multiple vulnerabilities in Kerberos 5. These vulnerabilities affect krb4-enabled KDC servers and the GSS RPC library used by kadmind. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code, obtain sensitive information, or cause a denial of service condition. |
2008-03-18 18:00 |
MIT MIT krb5 Security Advisory 2008-002: array overrun in RPC library used by kadmind Use of high-numbered file descriptors in the RPC library, used by kadmind, can cause references past the end of an array. |