MIT Warns of Critical Vulnerabilities in Kerberos 5
kinrowan writes "MIT, inventor of Kerberos, has announced a pair of vulnerabilities in the software that will allow an attacker to either execute a DOS attack or execute code on the machine. Some details of the story are at SearchSecurity as well as ComputerWeekly. Details of the advisories themselves are also available. The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators."
These are vulnerabilities in a particular implementation of K5, not in Kerberos itself. I think it's an important distinction.
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:088
Only if they're configured to authenticate against a KDC. From the Cisco advisory:
Cisco VPN 3000 Series Concentrators not authenticating users against a Kerberos Key Distribution Center (KDC) are not impacted.
The Kerberos Dialogue should help explain a little bit about what Kerberos is. I like it because it shows why certain design decisions were made.
I don't believe anyone has mentioned it yet, but so far I haven't heard that the Heimdal Kerberos distribution is affected.
It's pretty complicated to do (compared to the ease of stack-based exploits). However, it is possible. This site has a good explanation/example of a double-free exploit (against CVS).
-Aaron
Kerberos is good and can be used in an intuitive way in many applications. For everything else, there's nothing stopping you from also using SSH or SSL and (Kerberos) password authentication or even public-key authentication.
OpenSSH's privilege escalation vulnerability was due to a double free bug. Thus, the only root exploit in the default install to ever have been found in OpenBSD was due to a double free. The zlib vulnerability, which affects a whole bunch of programs that link with zlib, was also a double free bug. It's not something that typically gets taught in undergrad CS courses, like buffer overrun, but it's not unheard of for it to be exploited.
WARNING: there is a trojan on your