
CERT Coordination Center

MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference

Vulnerability Note VU#661243

Original Release Date: 2002-09-16 | Last Revised: 2003-04-04

Overview

A vulnerability exists in MIT Kerberos V5 Key Distribution Center that may allow attackers to crash multiple KDC servers within the same realm.

Description

The MIT Kerberos V5 Key Distribution Center (KDC) contains a vulnerability that allows certain protocol requests to crash the KDC by triggering a null pointer dereference. Requests of this form are compliant with the Kerberos protocol but are unlikely to be sent by properly configured clients. When a KDC crashes in this way, the client fails over to the other KDCs in the same realm and repeats the request, crashing them as well.

This vulnerability is believed to be limited to TGS-REQ exchanges, which require the client to present a ticket-granting ticket and therefore to have already authenticated. To exploit it, an attacker must first authenticate using a valid user name and password.
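
The failure mode described above, as an added illustration that is not MIT krb5 code and does not reproduce the actual triggering request (which this note does not describe): a TGS-REQ that legally omits an optional field, a KDC handler that dereferences that field unconditionally (the bug class), a hardened handler with the missing check, and a client that walks the realm's KDC list and retries on no response, which is what turns one crash into a realm-wide outage. The field names, the realm model and the error strings are assumptions.

```python
"""Model of VU#661243's failure mode: a protocol-compliant TGS-REQ with an
absent optional field crashes a KDC that dereferences it unconditionally,
and ordinary client failover then replays the request against every other
KDC in the realm.

Added illustration, not MIT krb5 code.  `tgt`, `optional_subkey`, the
Realm model and the error strings are assumptions made for the example.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class TgsReq:
    """Minimal stand-in for a TGS-REQ.  Both fields are hypothetical."""
    client: str
    tgt: Optional[str]                # ticket-granting ticket from the AS exchange
    optional_subkey: Optional[bytes]  # OPTIONAL in the protocol: absent is legal


class KdcCrashed(Exception):
    """Stands in for the KDC process dying on a NULL pointer dereference."""


def authenticate(req: TgsReq, valid_tgts: set) -> Optional[str]:
    """TGS processing first validates the TGT.  A client without one never
    reaches the vulnerable code, which is why the note requires authentication."""
    if req.tgt not in valid_tgts:
        return "KRB-ERROR: ticket not recognised"  # assumed error text
    return None


def vulnerable_handle(req: TgsReq, valid_tgts: set) -> str:
    err = authenticate(req, valid_tgts)
    if err:
        return err
    try:
        # Unconditional use of an optional field: the bug class in the note.
        key_len = len(req.optional_subkey)
    except TypeError:  # len(None) is the Python analogue of dereferencing NULL
        raise KdcCrashed(req.client)
    return f"TGS-REP: session key {key_len} bytes"


def hardened_handle(req: TgsReq, valid_tgts: set) -> str:
    err = authenticate(req, valid_tgts)
    if err:
        return err
    if req.optional_subkey is None:  # the check the vulnerable path lacks
        return "KRB-ERROR: required field absent"  # assumed error text
    return f"TGS-REP: session key {len(req.optional_subkey)} bytes"


@dataclass
class Realm:
    handler: Callable[[TgsReq, set], str]
    kdcs: list            # KDC hostnames in the order a client tries them
    valid_tgts: set
    down: set = field(default_factory=set)

    def client_request(self, req: TgsReq) -> Optional[str]:
        """Kerberos clients try the realm's KDCs in turn and retry when one
        does not answer, so a crash on one KDC is repeated against the next."""
        for kdc in self.kdcs:
            if kdc in self.down:
                continue  # no answer from a dead KDC; move on
            try:
                return self.handler(req, self.valid_tgts)
            except KdcCrashed:
                self.down.add(kdc)  # this KDC is gone; the client fails over
        return None  # no KDC left answering


if __name__ == "__main__":
    kdcs = ["kdc1.example.com", "kdc2.example.com", "kdc3.example.com"]
    bad = TgsReq("alice", "tgt-alice", None)  # constructed: legal but hostile
    realm = Realm(vulnerable_handle, kdcs, {"tgt-alice"})
    print(realm.client_request(bad), sorted(realm.down))
    realm = Realm(hardened_handle, kdcs, {"tgt-alice"})
    print(realm.client_request(bad), sorted(realm.down))
```

With the vulnerable handler one authenticated request leaves every KDC in the list down and the client with no response at all; with the hardened handler the same request gets an error reply and no KDC is lost. An unauthenticated request is rejected before either handler reaches the optional field, matching the note's observation that the flaw requires a valid TGT.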

Impact

Authenticated attackers can crash one or more KDCs in a given realm.

Solution

This vulnerability was addressed in MIT Kerberos V5 1.2.5, released on April 30, 2002. MIT krb5 Security Advisory 2003-001 provides additional information from MIT and is available at:

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt

For information regarding other vendors who may be affected, please see the vendor section of this document.

Vendor Information


Acknowledgements

The CERT/CC thanks Greg Pryzby for discovering this vulnerability and Ken Raeburn of MIT for bringing it to our attention.

This document was written by Jeffrey P. Lanza.

Other Information

CVE IDs: CVE-2003-0058
Severity Metric: 1.23
Date Public: 2002-09-16
Date First Published: 2002-09-16
Date Last Updated: 2003-04-04 20:03 UTC
Document Revision: 30

Sponsored by CISA.