Slashdot Mirror


MIT Warns of Critical Vulnerabilities in Kerberos 5

kinrowan writes "MIT, inventor of Kerberos, has announced a pair of vulnerabilities in the software that will allow an attacker to either execute a DoS attack or execute code on the machine. Some details of the story are at SearchSecurity as well as ComputerWeekly. Details of the advisories themselves are also available. The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators."

6 of 100 comments

  1. How about in 2K and XP by newandyh-r · · Score: 3, Interesting

    Microsoft's directory service has "embraced and extended" Kerberos ... does it also have this vulnerability?

  2. Wonder if Windows Kerberos will be affected? by caluml · · Score: 4, Interesting

    It would be interesting if the Windows implementation of Kerberos used in AD was vulnerable too. Apart from MIT, and Windows, who uses Kerberos nowadays? Doesn't SSH, and public-key based authentication pretty much make the whole thing irrelevant?

    1. Re:Wonder if Windows Kerberos will be affected? by dpilot · · Score: 2, Interesting

      Windows Kerberos is a different implementation, so it shouldn't be affected.

      OTOH, as far as I can tell, MIT Kerberos is NOT under the GPL. A little quick searching and I can't really tell what license it is under, except perhaps MIT's own license. In that same look, I didn't see redistribution/modification provisions, so I have no way to know if it's more like GPL or BSD.

      So perhaps Windows Kerberos really IS based on MIT. I just don't know, and don't know how to find out. As for the implementation-dependent security of Windows Kerberos, we just don't know about that, either. Furthermore, without signing some sort of potentially-restrictive NDA, or reverse-engineering the code, it may well be unknowable. So maybe it's more secure, maybe it isn't.

      That's the point about Open Source. We know there's a flaw in the MIT implementation. We also know that there are fixes out, already.

      --
      The living have better things to do than to continue hating the dead.

  3. Re:vulnerability in the implementation by Anonymous Coward · · Score: 2, Interesting

    For example, the Microsoft implementation is not affected. (MS was maligned by certain Open Sourcers for rolling their own rather than reusing MIT -- apart from the issue of Windows using different network credentials than UNIX.)

  4. Affects Redhat, mandrake, mac OS X sun by goombah99 · · Score: 2, Interesting

    According to cnet, this affects Redhat, mandrake, mac OS X and sun but not Microsoft (who wrote their own implementation). The problem is a double free, which is when the same memory block is freed twice. Not quite sure how that happens or how it leads to insecurity. But apparently done properly this allows arbitrary user access but is hard to exploit.

    Would someone explain what Kerberos does and how it works? And how one exploits a double-free?

    --
    Some drink at the fountain of knowledge. Others just gargle.
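As an added illustration (not code from the advisory, MIT Kerberos, or any poster here) of what a double free is and how it is caught: the ownership mistake that usually produces one, side by side with the fixed version, under a constructed tracking allocator that reports the second release instead of letting the heap be corrupted. `tracked_malloc`, `tracked_free` and the two caller functions are invented names for this example.

```c
#include <stdlib.h>

/* Constructed tracking allocator: remembers live blocks so a second free
 * of the same block is reported rather than corrupting the allocator. */
#define MAX_LIVE 64
static void *live[MAX_LIVE];       /* blocks currently allocated */

void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (!p) return NULL;
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                       /* table full: refuse rather than lose track */
    return NULL;
}

/* Returns 0 on a valid release, 1 if p is not live (never allocated or
 * already freed). Hardened allocators and ASan report the same condition;
 * an unhardened one would put the block on its free list twice, so a later
 * allocation can overlap memory that another part of the program still uses. */
int tracked_free(void *p) {
    if (!p) return 0;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return 1;                      /* double free: block is not live */
}

/* Buggy ownership: the helper frees buf on its error path AND the caller
 * frees it unconditionally, so the error path releases the block twice. */
static int helper_frees_on_error(char *buf, int fail) {
    if (fail) { tracked_free(buf); return -1; }
    return 0;
}
int buggy_caller(int fail) {
    char *buf = tracked_malloc(32);
    helper_frees_on_error(buf, fail);
    return tracked_free(buf);      /* 1 on the error path: double free */
}

/* Fixed ownership: the helper only reports, exactly one owner frees, and the
 * pointer is cleared so any stray second release is a harmless free(NULL). */
static int helper_reports_only(char *buf, int fail) { (void)buf; return fail ? -1 : 0; }
int fixed_caller(int fail) {
    char *buf = tracked_malloc(32);
    helper_reports_only(buf, fail);
    int rc = tracked_free(buf);
    buf = NULL;
    return rc | tracked_free(buf); /* second call is a no-op: stays 0 */
}
```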

  5. Re:vulnerability in the implementation by dpilot · · Score: 2, Interesting

    Does anyone know if Heimdal is affected?

    I've been fooling with the whole Kerberos/SASL/LDAP thing, and for the moment that means using Heimdal, because MIT isn't thread-safe. I guess newer SASL can have thread-safe locks wrapped around the Kerberos calls, but I've already got Heimdal installed.

    Heimdal can also store its keys in LDAP, kind of a Worm Ouroboros. In ways it seems a little frightening, because another program has the keys to your keys, but I've seen others state that this opens up good capabilities. I need to read more. I need more time.

    --
    The living have better things to do than to continue hating the dead.