The MIT developers of the Kerberos
authentication system have released patches for several serious security holes,
which could allow remote attackers to obtain sensitive information, shut down
a system or execute malicious code.
The first problem is with the Kerberos Key Distribution Center (KDC) and involves
the way the KDC handles incoming krb4 requests. The problem can be exploited
to crash the KDC server, execute malicious code or disclose memory, according
to MIT.
The second problem is in the way the KDC sends responses for krb4 requests,
which can be exploited to disclose potentially sensitive stack memory via a
specially crafted krb4 request.
Exploitation for these first two bugs requires that krb4 support is enabled
in the KDC; it is disabled by default in newer versions. These bugs affect Kerberos
5 versions 1.6.3 and earlier.
The third bug is in the Kerberos RPC library when handling open file descriptors.
Under certain conditions, an attacker could send an overly large number of RPC
connections, causing a memory corruption and allowing the execution of malicious
code.
This bug affects Kerberos 5 versions 1.2.2 to 1.3 and 1.4 through 1.6.3, according
to MIT.
Independent security firm Secunia
gave the bugs a "highly critical" ranking.
