• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: MIT Kerberos Administration Daemon Free Pointers Remote Code Execution Vulnerability

Severity: CRITICAL

Description:

MIT Kerberos 5 is a suite of applications and libraries designed to implement the Kerberos network-authentication protocol. It is freely available and operates on numerous platforms.

MIT Kerberos 5 is prone to a remote code-execution vulnerability.

This issue occurs because of memory-management problems in the 'mechglue' abstraction interface of the GSS-API implementation.

Specifically, the vulnerability resides in the 'log_badverf()' function in the 'kadmind' administration daemon. The affected function calls the 'gss_display_name()' function but fails to initialize structures that are being passed as parameters and also fails to check its return value. This may result in certain error conditions that are logged and the uninitialized structures freed, resulting in memory corruption.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue also affects third-party applications using the affected API.

Affected Products:

• Gentoo Linux
• MIT Kerberos 5 1.5.0
• MIT Kerberos 5 1.5.1
• OpenPKG OpenPKG 2-Stable-20061018
• OpenPKG OpenPKG Current
• OpenPKG OpenPKG E1.0-Solid
• OpenPKG OpenPKG Stable
• RedHat Fedora Core5
• RedHat Fedora Core6
• SuSE Linux 10.0
• SuSE Linux 10.1
• SuSE Linux 9.3
• SuSE SLED 10.0
• SuSE SLES 10
• Sun Solaris 10.0
• Sun Solaris 10.0_x86
• Sun Solaris 8
• Sun Solaris 8_x86
• Sun Solaris 9
• Sun Solaris 9_x86
• rPath rPath Linux 1

References:

• CERT: Vulnerability Note VU#831452
• MIT: MIT krb5 Security Advisory 2006-003
• MIT: Kerberos Homepage
• OpenPKG: OpenPKG-SA-2007.006
• RedHat: Fedora Core 5 Update: krb5-1.4.3-5.3
• RedHat: Fedora Core 6 Update: krb5-1.5-13
• Sun: Solution 201294: Third-party Applications Using GSS-API May Be Vulnerable to Com
• Sun Microsystems: Sun Microsystems 102772 :Third-party Applications Using GSS-API May Be Vulnerabl

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.