Software Engineering Institute

Kerberos is a network authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. MIT Kerberos code is used in network applications from a variety of different vendors and is included in many UNIX and Linux distributions.

The MIT krb5 Security Advisory 2005-002 issued 2005 July 12, available from
<http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-002-kdc.txt> states:

The MIT krb5 Key Distribution Center (KDC) implementation can corrupt the heap by attempting to free memory at a random address when it receives a certain unlikely (but valid) request via a TCP connection. This attempt to free unallocated memory can result in a KDC crash and consequent denial of service. [CAN-2005-1174, VU#259798]

An unauthenticated attacker may be able to use this vulnerability to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of these vulnerabilities is believed to be difficult.

An unauthenticated attacker may be able to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. An unsuccessful attack against this heap corruption vulnerability may result in a denial of service by crashing the KDC process. According to the MIT krb5 Security Advisory 2005-002 this vulnerability affects the KDC implementation in all MIT krb5 releases supporting TCP client connections to the KDC. This includes krb5-1.3 and later releases, up to and including krb5-1.4.1.

Apply patches available from your vendor. Details of the patch are also available from

http://web.mit.edu/kerberos/advisories/2005-002-patch_1.4.1.txt.

If patching can not be performed in a timely manner you could consider disabling TCP support in the KDC to avoid this vulnerability.