J-Security Center

Title: MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities

Severity: CRITICAL

Description:

Kerberos is a network-authentication protocol; 'kadmind' (Kerberos Administration Daemon) is the administration server for Kerberos networks.

The 'kadmind' server is prone to multiple remote code-execution vulnerabilities because of array overruns in the RPC library 'libgssrpc'. High-numbered file descriptors can cause references past the bounds of an array, resulting in memory corruption.

Exploiting these issues may allow attackers to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers. Failed attempts will cause crashes and deny service to legitimate users of the application.

Note that a compromise of a Master KDC (Key Distribution Center) principal and policy server will affect multiple hosts that use the server for authentication, potentially contributing to their compromise as well.

These issues affect:

- krb5-1.4 through krb5-1.6.3, where configurations allow large numbers of open file descriptors.
- krb5-1.2.2 through krb5-1.3, where '<unistd.h>' does not define FD_SETSIZE. Note that this is likely the case in many GNU/Linux distributions; Solaris 10 and Mac OS X 10.4 may be unaffected.
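The bug class described above, shown from the defender's side as an added illustration (this is not MIT's code or the vendor patch): a table sized FD_SETSIZE is only safe if every descriptor is range-checked before it is used as an index, and a process whose RLIMIT_NOFILE soft limit exceeds FD_SETSIZE can be handed descriptors that fail that check. The names `handlers`, `watched`, `register_fd` and the two limit helpers are hypothetical.

```c
#include <sys/select.h>
#include <sys/resource.h>

/* Hypothetical per-descriptor state, sized like an fd_set: FD_SETSIZE slots. */
static void *handlers[FD_SETSIZE];
static fd_set watched;

/* 1 if fd can safely index an FD_SETSIZE-sized object, otherwise 0. */
int fd_in_range(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Hardened registration. The unchecked form (handlers[fd] = h;
 * FD_SET(fd, &watched);) writes past both objects once fd >= FD_SETSIZE,
 * which is the overrun the advisory describes. */
int register_fd(int fd, void *handler)
{
    if (!fd_in_range(fd))
        return -1;               /* caller closes fd and drops the client */
    handlers[fd] = handler;
    FD_SET(fd, &watched);
    return 0;
}

/* Exposure check: 1 if the soft RLIMIT_NOFILE allows descriptors at or
 * above FD_SETSIZE, 0 if it does not, -1 if the limit cannot be read. */
int nofile_limit_exceeds_fd_setsize(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    return rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur > (rlim_t)FD_SETSIZE;
}

/* One general defensive measure (an assumption, not the vendor's fix):
 * lower the soft limit so no new descriptor can reach FD_SETSIZE. */
int clamp_nofile_to_fd_setsize(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    if (rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur > (rlim_t)FD_SETSIZE) {
        rl.rlim_cur = FD_SETSIZE;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            return -1;
    }
    return 0;
}
```

Clamping the limit only narrows exposure for the process that calls it; the range check in `register_fd` is what prevents the out-of-bounds write.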

Affected Products:

  • Avaya AES 3.1.4
  • Conectiva Linux 8.0.0
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Debian Linux 3.1.0
  • Debian Linux 3.1.0 alpha
  • Debian Linux 3.1.0 amd64
  • Debian Linux 3.1.0 arm
  • Debian Linux 3.1.0 hppa
  • Debian Linux 3.1.0 ia-32
  • Debian Linux 3.1.0 ia-64
  • Debian Linux 3.1.0 m68k
  • Debian Linux 3.1.0 mips
  • Debian Linux 3.1.0 mipsel
  • Debian Linux 3.1.0 ppc
  • Debian Linux 3.1.0 s/390
  • Debian Linux 3.1.0 sparc
  • Debian Linux 4.0
  • Debian Linux 4.0 alpha
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 sparc
  • Gentoo Linux
  • MIT Kerberos 5 1.2.2
  • MIT Kerberos 5 1.2.2 -beta1
  • MIT Kerberos 5 1.2.3
  • MIT Kerberos 5 1.2.4
  • MIT Kerberos 5 1.2.5
  • MIT Kerberos 5 1.2.6
  • MIT Kerberos 5 1.2.7
  • MIT Kerberos 5 1.2.8
  • MIT Kerberos 5 1.3.0
  • MIT Kerberos 5 1.3.0 -alpha1
  • MIT Kerberos 5 1.4.0
  • MIT Kerberos 5 1.4.1
  • MIT Kerberos 5 1.4.2
  • MIT Kerberos 5 1.4.3
  • MIT Kerberos 5 1.5.0
  • MIT Kerberos 5 1.5.1
  • MIT Kerberos 5 1.5.2
  • MIT Kerberos 5 1.5.3
  • MIT Kerberos 5 1.5.4
  • MIT Kerberos 5 1.5.5
  • MIT Kerberos 5 1.6.0
  • MIT Kerberos 5 1.6.1
  • MIT Kerberos 5 1.6.2
  • MIT Kerberos 5 1.6.3
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Corporate Server 4.0
  • MandrakeSoft Corporate Server 4.0.0 x86_64
  • MandrakeSoft Linux Mandrake 10.0.0
  • MandrakeSoft Linux Mandrake 10.0.0 amd64
  • MandrakeSoft Linux Mandrake 2007.0
  • MandrakeSoft Linux Mandrake 2007.0 x86_64
  • MandrakeSoft Linux Mandrake 2007.1
  • MandrakeSoft Linux Mandrake 2007.1 x86_64
  • MandrakeSoft Linux Mandrake 2008.0
  • MandrakeSoft Linux Mandrake 2008.0 x86_64
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.1.0 ia64
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc
  • MandrakeSoft Linux Mandrake 9.2.0
  • MandrakeSoft Linux Mandrake 9.2.0 amd64
  • MandrakeSoft Multi Network Firewall 2.0.0
  • Novell Open Enterprise Server (OES)
  • Novell Open Enterprise Server 2
  • RedHat Desktop 3.0.0
  • RedHat Enterprise Linux 5 server
  • RedHat Enterprise Linux AS 2.1
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux Desktop 5 client
  • RedHat Enterprise Linux Desktop Workstation 5 client
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux WS 3
  • RedHat Fedora 7
  • RedHat Fedora 8
  • RedHat Linux 7.0.0
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.1.0
  • RedHat Linux 7.1.0 alpha
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 ia64
  • RedHat Linux 7.2.0
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 7.3.0
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 8.0.0
  • RedHat Linux 8.0.0 i386
  • RedHat Linux 9.0.0 i386
  • RedHat Linux Advanced Workstation 2.1 for the Ita 2.1.0 IA64
  • S.u.S.E. Linux Personal 10.1
  • S.u.S.E. Linux Professional 10.1
  • S.u.S.E. SLE SDK 10.SP1
  • S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
  • S.u.S.E. SUSE Linux Enterprise Server 10 SP1
  • S.u.S.E. openSUSE 10.2
  • S.u.S.E. openSUSE 10.3
  • Turbolinux Home
  • Turbolinux Turbolinux 10 F...
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 11
  • Turbolinux Turbolinux Server 11 x64
  • Turbolinux Turbolinux Server 8.0.0
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu Ubuntu Linux 6.10 amd64
  • Ubuntu Ubuntu Linux 6.10 i386
  • Ubuntu Ubuntu Linux 6.10 powerpc
  • Ubuntu Ubuntu Linux 6.10 sparc
  • Ubuntu Ubuntu Linux 7.04 amd64
  • Ubuntu Ubuntu Linux 7.04 i386
  • Ubuntu Ubuntu Linux 7.04 powerpc
  • Ubuntu Ubuntu Linux 7.04 sparc
  • Ubuntu Ubuntu Linux 7.10 amd64
  • Ubuntu Ubuntu Linux 7.10 i386
  • Ubuntu Ubuntu Linux 7.10 powerpc
  • Ubuntu Ubuntu Linux 7.10 sparc
  • VMWare ESX Server 2.5.4
  • VMWare ESX Server 2.5.4 Patch 1
  • VMWare ESX Server 2.5.4 Patch 10
  • VMWare ESX Server 2.5.4 Patch 16
  • VMWare ESX Server 2.5.4 Patch 17
  • VMWare ESX Server 2.5.4 Patch 3
  • VMWare ESX Server 2.5.4 Patch 5
  • VMWare ESX Server 2.5.4 patch 13
  • VMWare ESX Server 2.5.4 patch 15
  • VMWare ESX Server 2.5.5
  • VMWare ESX Server 2.5.5 patch 2
  • VMWare ESX Server 2.5.5 patch 4
  • VMWare ESX Server 2.5.5 patch 6
  • VMWare ESX Server 3.0.1
  • VMWare ESX Server 3.0.2
  • VMWare ESX Server 3.5
  • WireX Immunix OS 7+
  • rPath Appliance Platform Linux Service 1
  • rPath rPath Linux 1
