[PLSA 2009-54] Mit-kerberos: Multiple Vulnerabilities
- Severity: 3
- Type: Remote
- Release Date: 2009-04-12
Summary
MIT krb5 contains multiple implementation vulnerabilities that allow an attacker to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
Description
An unauthenticated, remote attacker could cause a Kerberos application, including the Kerberos administration daemon (kadmind) or the KDC, to crash, and possibly to execute arbitrary code.
Packages
Pardus 2008
- mit-kerberos, all before 1.6.3-12-2
Resolution
Updates are available for mit-kerberos. You can install them via Package Manager or with a single command from the console:
Pardus 2008
pisi up mit-kerberos