Krb5 kadmind Denial Of Service vulnerability


The Kerberos administration daemon (kadmind) can crash by referencing freed memory.


The information has been provided by Sol Jerome.
The original article can be found at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt


Vulnerable Systems:
 * kadmind in MIT releases krb5-1.5 through krb5-1.6.3.

Immune Systems:
 * kadmind in MIT release krb5-1.7
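
A triage sketch for the version ranges listed above, added here as an example (it is not part of the MIT advisory): it classifies reported krb5 version strings against the advisory's bounds. The hostnames, inventory format and status labels are assumptions.

```python
import re

# Bounds taken from the advisory text: vulnerable krb5-1.5 through krb5-1.6.3,
# immune from krb5-1.7.
VULN_MIN = (1, 5, 0)
VULN_MAX = (1, 6, 3)
FIXED_MIN = (1, 7, 0)

# First dotted number in the string; skips the bare "5" in "krb5" / "Kerberos 5".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?")

def parse_krb5_version(text):
    """Return (major, minor, patch) from a version string, or None."""
    m = _VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def classify(text):
    """Map a version string to a status label (labels are hypothetical)."""
    v = parse_krb5_version(text)
    if v is None:
        return "unknown"
    if VULN_MIN <= v <= VULN_MAX:
        return "vulnerable"
    if v >= FIXED_MIN:
        return "immune"
    return "not-listed"  # outside both ranges the advisory names

# Constructed inventory: hostnames and version strings are sample data.
SAMPLE_INVENTORY = """\
kdc1.example.test  krb5-1.6.3
kdc2.example.test  Kerberos 5 release 1.7
kdc3.example.test  krb5-1.5
kdc4.example.test  krb5-1.4.4
kdc5.example.test  (no version reported)
"""

def triage(inventory):
    """Return {host: status} for 'host<space>version text' lines."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(" ")
        results[host] = classify(version_text)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:20} {status}")
```

Distribution packages can carry the patch without changing the upstream version number, so treat `vulnerable` as a prompt to confirm whether the patch is applied.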

A legitimate user can trigger this crash by using a newer version of the kadmin protocol than the server supports.

This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol. This vulnerability is not present in modern releases of MIT krb5.

An authenticated remote attacker could crash the Kerberos administration daemon (kadmind), causing a denial of service.

Patch Availability:
The patch is available at: http://web.mit.edu/kerberos/advisories/2010-003-patch.txt

CVE Information:

Disclosure Timeline:

MIT krb5 Security Advisory 2010-003
Original release: 2010-04-06
Last update: 2010-04-06
