| VID |
14007 |
| Severity |
40 |
| Port |
543 |
| Protocol |
TCP |
| Class |
KERBEROS |
| Detailed Description |
Serious buffer overrun vulnerabilities exist in many implementations of Kerberos 4, including implementations included for backwards compatibility in Kerberos 5 implementations. Other less serious buffer overrun vulnerabilities have also been discovered. ALL KNOWN KERBEROS 4 IMPLEMENTATIONS derived from MIT sources are believed to be vulnerable.
< IMPACT >
- A remote user may gain unauthorized root access to a machine running services authenticated with Kerberos 4.
- A remote user may gain unauthorized root access to a machine running krshd, regardless of whether the program is configured to accept Kerberos 4 authentication.
- A local user may gain unauthorized root access by exploiting v4rcp or ksu.
* References:
http://www.cert.org/advisories/CA-2000-06.html
http://www.securiteam.com/exploits/5EP000A1QU.html
http://www.iss.net/security_center/static/5734.php |
| Recommendation |
Upgrade to release krb5-1.2 or newer from MIT, or patch.
< Patches >
http://www.cert.org/advisories/CA-2000-06/mit_10x_patch.txt
http://www.cert.org/advisories/CA-2000-06/mit_111_patch.txt |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
