Krb5 kadmind Denial Of Service vulnerability

Summary

The Kerberos administration daemon (kadmind) can crash by referencing freed memory.

Credit:

The information has been provided by Sol Jerome.
The original article can be found at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt


Details

Vulnerable Systems:
 * kadmind in MIT releases krb5-1.5 through krb5-1.6.3.

Immune Systems:
 * kadmind in MIT release krb5-1.7

A legitimate user can trigger this crash by using a newer version of the kadmin protocol than the server supports.

This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol. This vulnerability is not present in modern releases of MIT krb5.

An authenticated remote attacker could crash the Kerberos administration daemon (kadmind), causing a denial of service.
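
To check a host against the release ranges listed above, the following added example (not part of the MIT advisory) classifies a krb5 version string. The function name and the sample inputs are constructed for illustration, and releases after krb5-1.7 are assumed to be the "modern releases" the advisory describes as unaffected.

```shell
#!/bin/sh
# Added example (not from MIT): classify a krb5 release string against
# MITKRB5-SA-2010-003. Function name and sample inputs are constructed.

# Accepts "1.6.3", "krb5-1.6.3" or the "Kerberos 5 release 1.6.3" line
# printed by `krb5-config --version`. Prints one of:
#   vulnerable  krb5-1.5 through krb5-1.6.3 (the advisory's range)
#   immune      krb5-1.7; later releases are assumed to be the
#               "modern releases" the advisory calls unaffected
#   unlisted    a release the advisory does not mention
#   unknown     no X.Y or X.Y.Z version could be parsed
krb5_sa_2010_003_status() {
    # The leading space lets the pattern anchor on a non-version character
    # even when the input is a bare version number.
    ver=$(printf ' %s\n' "$1" | sed -n \
        's/^.*[^0-9.]\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\)[^0-9.]*$/\1/p')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # A missing patch level counts as 0, so "1.6" compares as 1.6.0.
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    key=$(( major * 10000 + minor * 100 + patch ))
    if [ "$key" -ge 10500 ] && [ "$key" -le 10603 ]; then
        echo vulnerable
    elif [ "$key" -ge 10700 ]; then
        echo immune
    else
        echo unlisted
    fi
}

# Constructed sample inputs.
for s in "Kerberos 5 release 1.6.3" "krb5-1.5" "1.7" "1.4.4"; do
    printf '%-28s %s\n' "$s" "$(krb5_sa_2010_003_status "$s")"
done
```

A distribution package may carry the fix as a backported patch while still reporting a version inside the vulnerable range, so a "vulnerable" result should be confirmed against the package changelog for CVE-2010-0629.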

Patch Availability:
The patch is available at: http://web.mit.edu/kerberos/advisories/2010-003-patch.txt

CVE Information:
CVE-2010-0629

Disclosure Timeline:

MIT krb5 Security Advisory 2010-003
Original release: 2010-04-06
Last update: 2010-04-06
