KTH Kerberos 4 Buffer Overflow Vulnerability

BID:2091

Info

Bugtraq ID: 2091
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: Yes
Published: Dec 08 2000 12:00AM
Updated: Dec 08 2000 12:00AM
Credit: First posted to Bugtraq by Jouko Pynnonen <[email protected]> on Dec 8, 2000.
Vulnerable: KTH Kerberos 4 1.0.3 -1.0
KTH Kerberos 4 1.0.3 -1
KTH Kerberos 4 1.0.3
KTH Kerberos 4 1.0.2
KTH Kerberos 4 1.0.1 -1
KTH Kerberos 4 1.0.1
KTH Kerberos 4 1.0 -1.0.1
KTH Kerberos 4 1.0
KTH Kerberos 4 0.10.1
KTH Kerberos 4 0.10
KTH Kerberos 4 0.9.9
KTH Kerberos 4 0.9.8
KTH Kerberos 4 0.9.7
KTH Kerberos 4 0.9.6 +patches
KTH Kerberos 4 0.9.6
KTH Kerberos 4 0.9.5
KTH Kerberos 4 0.9.3
KTH Kerberos 4 0.9.2 a
KTH Kerberos 4 0.9.2
KTH Kerberos 4 0.9.1
KTH Kerberos 4 0.9
KTH Kerberos 4 0.8
KTH Kerberos 4 0.7
KTH Kerberos 4 0.6
KTH Kerberos 4 0.5
KTH Kerberos 4 0.1
KTH Kerberos 4 0.0
Not Vulnerable: KTH Kerberos 4 1.0.4

Discussion

Kerberos is a widely used network service authentication system. The version of Kerberos developed and maintained by KTH (Swedish Royal Institute of Technology) contains a buffer overflow vulnerability that may allow, or assist in, a local or remote root compromise.

When a service using KTH Kerberos 4 receives a response from a Kerberos server during the authentication process, it copies data contained within the packet into a buffer of predefined size on the process's stack. The amount of data to be copied is supplied externally, in the response packet. If this length value is greater than the number of bytes allocated for the destination buffer, a stack overflow can occur when the copy is performed.
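The missing check described above, shown as a bounded copy in an added example (this is not KTH Kerberos source code). The 2-byte length prefix, `FIELD_MAX`, the function names and the sample replies are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64   /* assumed size of the fixed stack buffer */

/* Unsafe pattern described in the advisory (shown for contrast, not compiled):
 *     unsigned char buf[FIELD_MAX];
 *     memcpy(buf, pkt + 2, len_from_packet);   // length never checked
 */

/* Hypothetical reply layout: 2-byte big-endian length, then that many bytes.
 * Returns bytes copied, or -1 if the length is inconsistent or too large. */
int copy_reply_field(const uint8_t *pkt, size_t pkt_len,
                     uint8_t *dst, size_t dst_size)
{
    size_t claimed;

    if (pkt == NULL || dst == NULL || pkt_len < 2)
        return -1;                          /* header itself is truncated */
    claimed = ((size_t)pkt[0] << 8) | pkt[1];
    if (claimed > dst_size)
        return -1;                          /* would overflow destination */
    if (claimed > pkt_len - 2)
        return -1;                          /* would read past the packet */
    memcpy(dst, pkt + 2, claimed);
    return (int)claimed;
}

/* Constructed sample replies (not captured traffic). */
static const uint8_t VALID[]     = { 0x00, 0x04, 'a', 'b', 'c', 'd' };
static const uint8_t OVERSIZED[2 + 200] = { 0x00, 0xC8 };  /* claims 200 > 64 */
static const uint8_t TRUNCATED[] = { 0x00, 0x20, 'x' };    /* claims 32, has 1 */

/* Parse one reply into a FIELD_MAX stack buffer, as a service would. */
int try_reply(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t buf[FIELD_MAX];
    return copy_reply_field(pkt, pkt_len, buf, sizeof buf);
}

int main(void)
{
    printf("%d %d %d\n", try_reply(VALID, sizeof VALID),
           try_reply(OVERSIZED, sizeof OVERSIZED),
           try_reply(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

The length is checked against both the destination size and the bytes actually present in the reply, so neither an oversized claim nor a short packet reaches `memcpy`.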

It may be possible for an attacker to exploit this and gain root access on the host running the Kerberos-enabled service in the traditional buffer overflow manner. In order to do so, the attacker would have to have control of the Kerberos server for the target host or be able to send malicious malformed replies. The latter may be possible with the aid of another vulnerability in KTH Kerberos 4, allowing unauthenticated remote clients to specify a proxy server for the Kerberos Server (see Bugtraq ID 2090).

Exploit / POC

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Solution:
Upgrade to KTH Kerberos 4 version 1.0.4. NetBSD has released a patch for NetBSD 1.5.


KTH Kerberos 4 1.0

KTH Kerberos 4 1.0.3
