Kerberos4 KDC AUTH_MSG_KDC_REQUEST NULL termination Vulnerability

Bugtraq ID:	1338
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2000-0546 CVE-2000-0547 CVE-2000-0549
Remote:	Yes
Local:	No
Published:	Jun 09 2000 12:00AM
Updated:	Jul 11 2009 02:56AM
Credit:	First posted to Bugtraq by Tom Yu <[email protected]> on June 9, 2000.
Vulnerable:	MIT Kerberos 5 5.0 -1.1.1 MIT Kerberos 5 5.0 -1.1 MIT Kerberos 5 5.0 -1.0.x MIT Kerberos 4 4.0 patch 10 Cygnus KerbNet 5.0 .x Cygnus Cygnus Network Security 4.0 .x
Not Vulnerable:	KTH Kerberos 4 1.0 .x KTH Heimdal 0.2 a-t KTH Heimdal 0.1 a-m

Kerberos4 KDC AUTH_MSG_KDC_REQUEST NULL termination Vulnerability

Kerberos4 KDC and Kerberos5 KDC enabled to serve Kerberos4 tickets are vulnerable to a denial of service. The code that services AUTH_MSG_KDC_REQUESTs does not properly check for null-termination.

Kerberos4 KDC AUTH_MSG_KDC_REQUEST NULL termination Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Kerberos4 KDC AUTH_MSG_KDC_REQUEST NULL termination Vulnerability

Solution:
Patches and the MIT advisory are available at:

http://web.mit.edu/kerberos/www/advisories/index.html

Kerberos4 KDC AUTH_MSG_KDC_REQUEST NULL termination Vulnerability

References:

• Kerberos Homepage (MIT)
  
• Several Kerberos Applications are Vulnerable to a Denial of Service (DoS) (Sun)