|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
Kerberos contains a flaw that may allow a remote denial of service. The issue is triggered when a non-null terminated AUTH_MSG_KDC_REQUEST is recieved by the KDC, and will result in loss of availability for the KDC
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
There are several solutions for mitigating this vulnerability. The first option users have is to upgrade to MIT Kerberos 5 version 1.2, as it has been reported to fix this vulnerability. Users who have the option to recompile Kerberos from source can apply the vendor supplied patches obtained from the following URL:
http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Those implementations of Kerberos from vendors other than MIT should consult the specific vendor for the availability of patch information. It is also possible to correct the flaw by implementing the following workaround(s):
1. Kerberos version 4 authentication can be disabled at run time by supplying command-line options to the KDC server. Consult the help pages for Kerberos to obtain the exact syntax to disable authentication.
2. Again for those user who have the option to recompile the Kerberos software can in fact recompile with the option '--without-krb4' to disable all Kerberos version 4 ticket handling in Kerberos version 5
|
|
Products |
|
Network Security
 |
All Versions |
|
Kerberos 4
|
Patch 10 and below |
|
|
|
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
