37977

1023392

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt

20091228 MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing

37486

ADV-2009-3652

Jeff Blaine, Radoslav Bodo, Jakob Haufe, and Jorgen Wahlsten discovered that the Kerberos Key Distribution Center service did not correctly verify certain network traffic. An unauthenticated remote attacker could send a specially crafted request that would cause the KDC to crash, leading to a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201201-13 (MIT Kerberos 5: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker may be able to execute arbitrary code with the       privileges of the administration daemon or the Key Distribution Center       (KDC) daemon, cause a Denial of Service condition, or possibly obtain       sensitive information. Furthermore, a remote attacker may be able to       spoof Kerberos authorization, modify KDC responses, forge user data       messages, forge tokens, forge signatures, impersonate a client, modify       user-visible prompt text, or have other unspecified impact.
  Workaround :

    There is no known workaround at this time.

This update incorporates the upstream patches to fix CVE-2009-3295, a remotely- triggerable crash in the KDC. This update also addresses some packaging bugs, makes changes to the PAM support in ksu, and backports a change which allows GSSAPI acceptors to store delegated Kerberos credentials in credential caches when clients use SPNEGO.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212). This has been fixed.

Specially crafted ticket requests could crash the kerberos server (CVE-2009-3295).

Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212).

Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer overflow leads to heap memory corruption (CVE-2009-4212).

ID	Name	Product	Family	Severity
65120	Ubuntu 9.10 : krb5 vulnerability (USN-879-1)	Nessus	Ubuntu Local Security Checks	medium
57655	GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
44880	Fedora 12 : krb5-1.7-15.fc12 (2009-13539)	Nessus	Fedora Local Security Checks	medium
44092	SuSE 11 Security Update : Kerberos 5 (SAT Patch Number 1796)	Nessus	SuSE Local Security Checks	critical
44090	openSUSE Security Update : krb5 (krb5-1792)	Nessus	SuSE Local Security Checks	critical
44088	openSUSE Security Update : krb5 (krb5-1795)	Nessus	SuSE Local Security Checks	critical
44086	openSUSE Security Update : krb5 (krb5-1795)	Nessus	SuSE Local Security Checks	critical

CVE-2009-3295

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

medium

medium

medium

critical

critical

critical

critical