iPolicy Networks Security Advisory
 

MIT Kerberos KDC Denial Of Service Vulnerability

Date Discovered: 02/22/2010
Severity: High
Application Affected: MIT Kerberos 5 prior to 1.7.2
MIT Kerberos 5 1.8 alpha
Type: Remote
Identifiers: CVE-2010-0283
Synopsis

MIT Kerberos 5 is prone to a denial of service vulnerability that could be exploited to cause a denial of service condition on a vulnerable system.

Recommended Actions

Apply the patches as directed by the vendor at:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
Threat Analysis

Kerberos is a computer network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. A denial of service vulnerability exists in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.7 before 1.7.2, and 1.8 alpha.

The flaw is due to an error in the KDC when handling authorization data. Successful exploitation may allow remote attackers to crash the KDC service via an invalid AS-REQ or TGS-REQ request, resulting in a denial of service condition.
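
To find KDC hosts that need the vendor update, the following added example (not part of the original advisory and not vendor code) classifies krb5 version strings against the range stated above: 1.7 before 1.7.2, and 1.8 alpha. The accepted input format, the "-alphaN" suffix, the function names and the sample inventory are assumptions; "not-listed" means only that the version falls outside that stated range.

```shell
#!/bin/sh
# Added example (not vendor code). Affected range follows the advisory's
# Threat Analysis: krb5 1.7 before 1.7.2, and 1.8 alpha.
# Assumed input: a bare version ("1.7.1") or a line of the form
# "Kerberos 5 release 1.7.1"; alpha builds are assumed to end in "-alphaN".

krb5_status() {
    ver=${1##* }                      # keep the last space-separated field
    tag=
    case $ver in
        *-*) tag=${ver#*-}; ver=${ver%%-*} ;;
    esac
    # Accept only dotted decimal numbers; reject empty or malformed input.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                       # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -ne 1 ]; then
        echo not-listed
    elif [ "$minor" -eq 7 ] && [ "$patch" -lt 2 ]; then
        echo affected                 # 1.7 and 1.7.1
    elif [ "$minor" -eq 8 ] && [ "${tag#alpha}" != "$tag" ]; then
        echo affected                 # 1.8 alpha builds
    else
        echo not-listed               # outside the range stated above
    fi
    return 0
}

# Constructed sample inventory: host names and versions are made up.
report() {
    while read -r host version; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$version" "$(krb5_status "$version")"
    done <<'EOF'
kdc1 1.7.1
kdc2 1.7.2
kdc3 1.8-alpha1
kdc4 1.6.3
EOF
}
report
```
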
References

http://www.securityfocus.com/bid/38260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0283
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0283

Write-up by: Dheeraj Johri
