Secunia Security Advisory - Gael Delalleau has reported two vulnerabilities in Kerberos V5, which can be exploited by malicious people to compromise a vulnerable system.
TITLE:
MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA14745
VERIFY ADVISORY:
http://secunia.com/advisories/14745/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Kerberos V5
http://secunia.com/product/556/
DESCRIPTION:
Gael Delalleau has reported two vulnerabilities in Kerberos V5, which
can be exploited by malicious people to compromise a vulnerable
system.
1) A boundary error in the "slc_add_reply()" function in the included
telnet client when handling LINEMODE suboptions can be exploited to
cause a buffer overflow via a specially crafted reply containing a
large number of SLC (Set Local Character) commands.
2) A boundary error in the "env_opt_add()" function in the included
telnet client when handling NEW-ENVIRON suboptions can be exploited
to cause a heap-based buffer overflow via a specially crafted reply
containing a large number of characters that need escaping.
Successful exploitation allows execution of arbitrary code, but
requires that a user connects to a malicious server with the
vulnerable telnet client.
The vulnerabilities affect versions up to and including release
krb5-1.4.
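The failure mode in item 2, where escaping makes the output longer than the input, is avoided by reserving worst-case space before any byte is copied. The C code below is an added example, not code from MIT Kerberos or its patch; `struct reply` and `reply_add_escaped()` are hypothetical names, and the escape rules are taken from RFC 1572 on the assumption that they match the client's encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Telnet / NEW-ENVIRON byte values (RFC 854, RFC 1572). */
#define IAC         255
#define ENV_VAR       0
#define ENV_VALUE     1
#define ENV_ESC       2
#define ENV_USERVAR   3

/* Hypothetical growable reply buffer; not the krb5 telnet client's structure. */
struct reply { unsigned char *buf; size_t len, cap; };

static int needs_escape(unsigned char c)
{
    return c == IAC || c == ENV_VAR || c == ENV_VALUE ||
           c == ENV_ESC || c == ENV_USERVAR;
}

/* Append n bytes of src with escaping. Returns 0 on success, -1 on failure
 * (buffer left unchanged). Room is reserved for the worst case of two output
 * bytes per input byte before anything is written. */
int reply_add_escaped(struct reply *r, const unsigned char *src, size_t n)
{
    if (n > (SIZE_MAX - r->len) / 2)          /* len + 2*n would wrap */
        return -1;
    size_t need = r->len + 2 * n;
    if (need > r->cap) {
        size_t ncap = r->cap ? r->cap : 64;
        while (ncap < need) {
            if (ncap > SIZE_MAX / 2) { ncap = need; break; }
            ncap *= 2;
        }
        unsigned char *p = realloc(r->buf, ncap);
        if (p == NULL)
            return -1;
        r->buf = p;
        r->cap = ncap;
    }
    for (size_t i = 0; i < n; i++) {
        unsigned char c = src[i];
        if (needs_escape(c))                  /* IAC is doubled, others get ESC */
            r->buf[r->len++] = (c == IAC) ? IAC : ENV_ESC;
        r->buf[r->len++] = c;
    }
    return 0;
}
```

Sizing the buffer from the unescaped input length alone is the mistake this guards against: an input made entirely of bytes that need escaping doubles in size on output.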
SOLUTION:
Apply patch:
http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt
http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt.asc
PROVIDED AND/OR DISCOVERED BY:
Gaël Delalleau
ORIGINAL ADVISORY:
MIT:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt
iDEFENSE:
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities