• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: KTH Kerberos 4 Buffer Overflow Vulnerability

Severity: MODERATE

Description:

Kerberos is a widely used network service authentication system. The version of Kerberos developed and maintained by KTH (Swedish Royal Institute of Technology) contains a buffer overflow vulnerability that may allow/assist in a local or remote root compromise.

When a service using KTH Kerberos 4 recieves a response from a Kerberos server during the authentication process, it performs a memory copy of data contained within the packet to a buffer of predefined size on the process' stack. The amount of data to be copied is supplied externally, in the response packet. If this length value is greater than the number of bytes allocated for the destination buffer, a stack overflow can occur when the copy is performed.

It may be possible for an attacker to exploit this and gain root access on the host running the Kerberos-enabled service in the traditional buffer overflow manner. In order to do so, the attacker would have to have control of the Kerberos server for the target host or be able to send malicious malformed replies. The latter may be possible with the aid of another vulnerability in KTH Kerberos 4, allowing unauthenticated remote clients to specify a proxy server for the Kerberos Server (see Bugtraq ID 2090).

Affected Products:

• KTH Kerberos 4 0.0.00.0
• KTH Kerberos 4 0.1.0
• KTH Kerberos 4 0.10.0
• KTH Kerberos 4 0.10.1
• KTH Kerberos 4 0.5.0
• KTH Kerberos 4 0.6.0
• KTH Kerberos 4 0.7.0
• KTH Kerberos 4 0.8.0
• KTH Kerberos 4 0.9.0
• KTH Kerberos 4 0.9.1
• KTH Kerberos 4 0.9.2
• KTH Kerberos 4 0.9.2a
• KTH Kerberos 4 0.9.3
• KTH Kerberos 4 0.9.5
• KTH Kerberos 4 0.9.6
• KTH Kerberos 4 0.9.6+patches
• KTH Kerberos 4 0.9.7
• KTH Kerberos 4 0.9.8
• KTH Kerberos 4 0.9.9
• KTH Kerberos 4 1.0.0
• KTH Kerberos 4 1.0.0-1.0.1
• KTH Kerberos 4 1.0.1
• KTH Kerberos 4 1.0.1-1
• KTH Kerberos 4 1.0.2
• KTH Kerberos 4 1.0.3
• KTH Kerberos 4 1.0.3-1
• KTH Kerberos 4 1.0.3-1.0

References:

• Swedish Royal Institute of Technology: KTH Kerberos Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.