Slashdot Mirror


MIT Warns of Critical Vulnerabilities in Kerberos 5

kinrowan writes "MIT, inventor of Kerberos, has announced a pair of vulnerabilities in the software that will allow an attacker to either execute a DoS attack or execute code on the machine. Some details of the story are at SearchSecurity as well as ComputerWeekly. Details of the advisories themselves are also available. The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators."

15 of 100 comments

  1. What? by Saturn+SL1-WNY · · Score: 5, Funny

    What doesn't cause a DoS attack nowadays? If DOS still stood for Disk Operating System, and we all used that, we'd be safe.

  2. This is old news. by Anonymous Coward · · Score: 3, Informative
    Mandrake already has security updates for the vulnerabilities. That article is from Aug 31st... It's now September 4th.

    Oh well, guess we had a lot of news going on the past few days...

    1. Re:This is old news. by dr_dank · · Score: 3, Funny

      Oh well, guess we had a lot of news going on the past few days...

      Slashdot is still in an uproar over the revelation of the Ewok movies coming to DVD. What did you expect?

      --
      Where does the school board find them and why do they keep sending them to ME?
  3. vulnerability in the implementation by BigHungryJoe · · Score: 5, Informative

    These are vulnerabilities in a particular implementation of K5, not in Kerberos itself. I think it's an important distinction.

    1. Re:vulnerability in the implementation by k98sven · · Score: 3, Informative

      Yes. Although MIT kerberos is the most used one. (on *ix platforms.)

      Another one is Heimdal.

      And of course, the Microsoft-tweaked Windows 2000 Kerberos.

  4. How about in 2K and XP by newandyh-r · · Score: 3, Interesting

    Microsoft's directory service has "embraced and extended" Kerberos ... does it also have this vulnerability?

  5. Link for those who run mandrake by Anonymous Coward · · Score: 4, Informative
    Here's a link to the security bulletin by mandrake:

    http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:088

  6. It's a double free, not easy to exploit by Beryllium+Sphere(tm) · · Score: 4, Insightful

    Has anyone seen exploit code in the wild yet?

    1. Re:It's a double free, not easy to exploit by AaronMB · · Score: 5, Informative

      It's pretty complicated to do (compared to the ease of stack based exploits). However, it is possible. This site has a good explanation/example of a double-free exploit(against CVS).
      -Aaron

    2. Re:It's a double free, not easy to exploit by ca1v1n · · Score: 4, Informative

      OpenSSH's privilege escalation vulnerability was due to a double free bug. Thus, the only root exploit in the default install to ever have been found in OpenBSD was due to a double free. The zlib vulnerability, which affects a whole bunch of programs that link with zlib, was also a double free bug. It's not something that typically gets taught in undergrad CS courses, like buffer overrun, but it's not unheard of for it to be exploited.
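
      The error-path double free the two replies above are talking about, as an added example (not code from the MIT advisories, the krb5 source, or any of the commenters): a simplified decoder for a constructed `[plen][principal][tlen][ticket]` message whose error path frees a field and leaves the pointer dangling, so the caller's normal cleanup frees it again, next to a hardened version where ownership stays with the caller. A small tracking layer around malloc/free counts the second free instead of letting the allocator corrupt its own metadata, which is also why the program does not crash when run.

```c
/*
 * Added example, not from the krb5 code base: an error-path double free
 * beside its hardened form. The message format and all names are
 * constructed for this illustration.
 */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Tracking layer: which allocations are currently live, and how many
 * frees of a non-live pointer (double frees) were attempted. */
#define MAX_LIVE 64
static void *live[MAX_LIVE];
static int double_frees;

static void *t_malloc(size_t n)
{
    void *p = malloc(n);
    if (!p) return NULL;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (!live[i]) { live[i] = p; return p; }
    }
    free(p);
    return NULL;
}

static void t_free(void *p)
{
    if (!p) return;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    }
    double_frees++;          /* p was already freed: count it, do not free again */
}

/* Constructed wire format: [plen][principal bytes][tlen][ticket bytes] */
struct cred { char *principal; char *ticket; };

static void free_cred(struct cred *c)
{
    t_free(c->principal);
    t_free(c->ticket);
    c->principal = c->ticket = NULL;
}

static char *dup_field(const unsigned char *p, size_t n)
{
    char *s = t_malloc(n + 1);
    if (s) { memcpy(s, p, n); s[n] = '\0'; }
    return s;
}

/* Vulnerable shape: on a malformed ticket length the decoder frees the
 * principal it already allocated but leaves c->principal pointing at the
 * freed block. The caller's cleanup then frees it a second time. */
static int decode_vuln(const unsigned char *buf, size_t len, struct cred *c)
{
    if (len < 1 || (size_t)buf[0] + 2 > len) return -1;
    size_t plen = buf[0];
    c->principal = dup_field(buf + 1, plen);
    size_t tlen = buf[1 + plen];
    if (2 + plen + tlen > len) {
        t_free(c->principal);      /* BUG: freed, but pointer left dangling */
        return -1;
    }
    c->ticket = dup_field(buf + 2 + plen, tlen);
    return 0;
}

/* Hardened shape: the partially built struct stays owned by the caller;
 * the decoder never frees what it does not own, and the caller cleans up
 * through one function that nulls every pointer it frees. */
static int decode_fixed(const unsigned char *buf, size_t len, struct cred *c)
{
    if (len < 1 || (size_t)buf[0] + 2 > len) return -1;
    size_t plen = buf[0];
    c->principal = dup_field(buf + 1, plen);
    size_t tlen = buf[1 + plen];
    if (2 + plen + tlen > len) return -1;   /* caller releases via free_cred */
    c->ticket = dup_field(buf + 2 + plen, tlen);
    return 0;
}

typedef int (*decoder_fn)(const unsigned char *, size_t, struct cred *);

/* Run one decoder over a constructed malformed message and report how
 * many double frees the tracking layer caught. */
static int double_frees_for(decoder_fn decode)
{
    /* principal "user" (4 bytes), then a claimed ticket length of 200
     * with only 3 bytes left: the truncated case that takes the error path. */
    static const unsigned char bad[] = { 4, 'u', 's', 'e', 'r', 200, 'a', 'b', 'c' };
    struct cred c = { NULL, NULL };
    double_frees = 0;
    if (decode(bad, sizeof bad, &c) != 0)
        free_cred(&c);           /* caller cleanup runs on every error */
    return double_frees;
}

int main(void)
{
    printf("vulnerable decoder: %d double free(s)\n", double_frees_for(decode_vuln));
    printf("hardened decoder:   %d double free(s)\n", double_frees_for(decode_fixed));
    return 0;
}
```

      The point of the hardened version is not the NULL assignment by itself but the single ownership rule: exactly one function releases each allocation, and it does so on every path. Under a real allocator the vulnerable path corrupts the free-list metadata, which is the foothold the CVS and OpenSSH write-ups mentioned above build on; in this example the tracking layer reports it instead.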

  7. VPN 3000 boxes not vulnerable by caluml · · Score: 4, Informative
    The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators.

    Only if they're configured to authenticate against a KDC. From the Cisco advisory:
    Cisco VPN 3000 Series Concentrators not authenticating users against a Kerberos Key Distribution Center (KDC) are not impacted.

  8. Wonder if Windows Kerberos will be affected? by caluml · · Score: 4, Interesting

    It would be interesting if the Windows implementation of Kerberos used in AD was vulnerable too. Apart from MIT, and Windows, who uses Kerberos nowadays? Doesn't SSH, and public-key based authentication pretty much make the whole thing irrelevant?

    1. Re:Wonder if Windows Kerberos will be affected? by oddityfds · · Score: 4, Informative
      Doesn't SSH, and public-key based authentication pretty much make the whole thing irrelevant?
      No. You still need another infrastructure to get single sign on while avoiding having to send passwords to remote hosts and to be able to detect MITM attacks. A PKI will get you some of that, but you'd still need to deal with storing private keys somewhere and figure out how to forward credentials.

      Kerberos is good and can be used in an intuitive way in many applications. For everything else, there's nothing stopping you from also using SSH or SSL and (Kerberos) password authentication or even public-key authentication.

  9. Re:Affects Redhat, mandrake, mac OS X sun by Dop · · Score: 5, Informative

    The Kerberos Dialogue should help explain a little bit about what Kerberos is. I like it because it shows why certain design decisions were made.

    I don't believe anyone has mentioned it yet, but so far I haven't heard that the Heimdal Kerberos distribution is affected.

  10. Re:Maybe they should..... by inburito · · Score: 3, Insightful

    Umm.. most of the .mit.edu computers are students' own dorm room computers. MIT doesn't care what people do with them unless they start disrupting the network operations.

    It is a pretty good deal with a fixed IP address, your own mit-domain name and a direct hookup without any extra firewalls or NATs. I know I like mine. However, smarter than average kids do not necessarily good sys admins make. A hack on an "MIT" computer seems to enjoy questionable prestige especially in Asia even though nobody ever hacks the university's computers.. just random people's personal ones. What's so great about defacing some bio-major's laptop..