• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Multiple Vendor Kerberos 4 Temporary File Race Condition Vulnerability

Severity: MODERATE

Description:

Kerberos is a widely used network service authentication system. The version of Kerberos developed and maintained by KTH (Swedish Royal Institute of Technology) contains a local /tmp race condition vulnerability. Unfixed versions of MIT Kerberos 4 and 5, Cygnus Network Security (Kerberos 4) and Kerbnet (Kerberos 5) also suffer from an analogous problem in the krb4 library.

The Kerberos system, when creating tickets, uses temporary files in the /tmp directory. The names of these files are reportedly predictable and can be anticipated by attackers. If a symbolic link were to exist in /tmp with a correctly guessed filename when Kerberos is creating tickets, the symbolic link would be followed and whatever it pointed to would be written to. The target file pointed to by the symbolic link would be written to as root.

If a system-critical file were to be overwritten/corrupted, a denial of service may occur.

Affected Products:

• Cygnus Cygnus Network Security 4.0.0.x
• Cygnus KerbNet 5.0.0.x
• KTH Kerberos 4 0.0.00.0
• KTH Kerberos 4 0.1.0
• KTH Kerberos 4 0.10.0
• KTH Kerberos 4 0.10.1
• KTH Kerberos 4 0.5.0
• KTH Kerberos 4 0.6.0
• KTH Kerberos 4 0.7.0
• KTH Kerberos 4 0.8.0
• KTH Kerberos 4 0.9.0
• KTH Kerberos 4 0.9.1
• KTH Kerberos 4 0.9.2
• KTH Kerberos 4 0.9.2a
• KTH Kerberos 4 0.9.3
• KTH Kerberos 4 0.9.5
• KTH Kerberos 4 0.9.6
• KTH Kerberos 4 0.9.6+patches
• KTH Kerberos 4 0.9.7
• KTH Kerberos 4 0.9.8
• KTH Kerberos 4 0.9.9
• KTH Kerberos 4 1.0.0
• KTH Kerberos 4 1.0.0-1.0.1
• KTH Kerberos 4 1.0.1
• KTH Kerberos 4 1.0.1-1
• KTH Kerberos 4 1.0.2
• KTH Kerberos 4 1.0.3
• KTH Kerberos 4 1.0.3-1
• KTH Kerberos 4 1.0.3-1.0
• MIT Kerberos 4 4.0.0
• MIT Kerberos 4 4.0.0 patch 10
• MIT Kerberos 5 1.2.1
• MIT Kerberos 5 5.0.0 -1.0.x
• MIT Kerberos 5 5.0.0 -1.1
• MIT Kerberos 5 5.0.0 -1.1.1
• MIT Kerberos 5 5.0.0 -1.2beta1
• MIT Kerberos 5 5.0.0 -1.2beta2

References:

• MIT: Kerberos Homepage
• Swedish Royal Institute of Technology: KTH Kerberos Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.