In association with heise online

04 January 2010, 15:15

DoS vulnerability patched in MIT Kerberos


An update for MIT's Kerberos 5 implementation fixes a null-pointer dereference vulnerability that allows attackers to remotely crash the Key Distribution Center (KDC). According to an advisory from MIT, sending a specially crafted client request to the KDC is all that is required to exploit the vulnerability.

The prep_reprocess_req() function, which is responsible for the bug, was introduced only in krb5-1.7, the current version of MIT Kerberos; previous versions are therefore not vulnerable. The imminent update krb5-1.7.1 will fix the flaw. A patch is already available.
