Another patch for MIT Kerberos
A patch for the MIT's Kerberos 5 implementation is to fix integer underflows in the functions for decrypting AES and RC4 ciphertexts. The flaw can reportedly be provoked remotely by sending specially crafted ciphertexts which can, for instance, cause the Key Distribution Center (KDC) to crash. In very rare circumstances, the flaw is also said to allow the injection and execution of code. Reportedly, the exploitability of the flaw is marginally higher if the attacker holds a valid account in a Kerberos domain (realm).
All versions from krb5-1.3 are affected. The patch is available for krb5-1.6 and krb5-1.7. Updates krb5-1.6.4 and krb5-1.7.1, which are soon to be released, also fix the flaw. Until then, users need to manually install the patches for aes.c and arcfour.c and recompile Kerberos themselves. The updates are gradually becoming overdue, as they are also scheduled to close a null-pointer dereference vulnerability already publicised in early January. So far, only a patch has become available to fix this hole.
- Integer underflow in AES and RC4 decryption, security advisory from Kerberos.
- DoS vulnerability patched in MIT Kerberos, a report from The H.