Info

Disclosure

Aug 31, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Keberos contains a flaw that may allow a malicious user to execute arbitrary commaands. The issue is triggered when krb5_rd_cread() tries to free allready freed buffers that were returned by decode_krb5_enc_cred_part() when error occurs. It is possible that the flaw may allow compromise entire Kerberos realm if victim is running KDC resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Upgrade to version 5-1.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

MIT

Kerberos

5-1.3.1

References

Security Tracker: 1011106
Secunia Advisory ID: 12408 12410 12411 12412 12413 12414 12457 12503 12694
ISS X-Force ID: 17158
CVE ID: 2004-0643 (see also: NVD)
CERT VU: 866472
Related OSVDB ID: 9407 9409
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000860
http://rhn.redhat.com/errata/RHSA-2004-350.html
http://security.gentoo.org/glsa/glsa-200409-09.xml
http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml
http://www.debian.org/security/2004/dsa-543
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:088
Vendor Specific Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57631-1
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt
http://www-1.ibm.com/support/docview.wss?uid=swg21188222

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218