Users of KDC please be advised of a uninitialized pointer crash in authorization data handling vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
MITKRB5-SA-2010-006: KDC uninitialized pointer crash in authorization data handling
SUMMARY
=======
When the MIT krb5 KDC receives certain Kerberos TGS request messages,
it may dereference an uninitialized pointer while processing
authorization data, causing a crash, or in rare cases, unauthorized
information disclosure, ticket modification, or execution of arbitrary
code. The crash may be triggered by legitimate requests.
This is an implementation vulnerability in MIT krb5, and not a
vulnerability in the Kerberos protocol.
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/bzc9G4
No comments:
Post a Comment