Status Tracking Note TRTA08-079B

MIT Kerberos Updates for Multiple Vulnerabilities

The MIT Kerberos implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, compromise the key database or cause a denial of service on a vulnerable system.

Event Information

Date (UTC)	Description
2008-03-19 16:28	US-CERT TA08-079B: MIT Kerberos Updates for Multiple Vulnerabilities Via US-CERT Mailing List
2008-03-19 11:41	US-CERT MIT Kerberos Security Advisories US-CERT Current Activity MIT has released two Security Advisories to address multiple vulnerabilities in Kerberos 5. These vulnerabilities affect krb4-enabled KDC servers and the GSS RPC library used by kadmind. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code, obtain sensitive information, or cause a denial of service condition.
2008-03-18 18:00	MIT MIT krb5 Security Advisory 2008-002: array overrun in RPC library used by kadmind Use of high-numbered file descriptors in the RPC library, used by kadmind, can cause references past the end of an array.


Date first published (UTC):	2008-03-22T16:59+00:00
Date last updated (UTC):	2008-03-22T16:59+00:00