Status Tracking Note TRTA08-079B

MIT Kerberos Updates for Multiple Vulnerabilities

Overview

The MIT Kerberos implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, compromise the key database or cause a denial of service on a vulnerable system.

Event Information

Date (UTC)    Description

2008-03-19 16:28 US-CERT
TA08-079B: MIT Kerberos Updates for Multiple Vulnerabilities
Via US-CERT Mailing List

2008-03-19 11:41 US-CERT
MIT Kerberos Security Advisories
US-CERT Current Activity
MIT has released two Security Advisories to address multiple vulnerabilities in Kerberos 5. These vulnerabilities affect krb4-enabled KDC servers and the GSS RPC library used by kadmind. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code, obtain sensitive information, or cause a denial of service condition.

2008-03-18 18:00 MIT
MIT krb5 Security Advisory 2008-002: array overrun in RPC library used by kadmind
Use of high-numbered file descriptors in the RPC library, used by kadmind, can cause references past the end of an array.


Date first published (UTC): 2008-03-22T16:59+00:00
Date last updated (UTC): 2008-03-22T16:59+00:00