exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SPNEGO Denial Of Service

SPNEGO Denial Of Service
Posted Mar 23, 2010
Site web.mit.edu

MIT krb5 Security Advisory 2010-002 - In MIT krb5 releases krb5-1.7 and later, the SPNEGO GSS-API mechanism can experience an assertion failure when receiving certain invalid messages. This can cause a GSS-API application to crash.

tags | advisory
advisories | CVE-2010-0628
SHA-256 | 8b74aaf71f23d59e52c2c5e99d47fcfed5c74bdf28f1258ddc4c501fa74f3d46

SPNEGO Denial Of Service

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MITKRB5-SA-2010-002

MIT krb5 Security Advisory 2010-002
Original release: 2010-03-23
Last update: 2010-03-23

Topic: denial of service in SPNEGO

CVE-2010-0628
VU#839413
denial of service in SPNEGO

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C

CVSSv2 Base Score: 7.8

Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

CVSSv2 Temporal Score: 6.1

Exploitability: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed

SUMMARY
=======

In MIT krb5 releases krb5-1.7 and later, the SPNEGO GSS-API mechanism
can experience an assertion failure when receiving certain invalid
messages. This can cause a GSS-API application to crash.

This is an implementation vulnerability in MIT krb5, and not a
vulnerability in the Kerberos protocol.

IMPACT
======

An unauthenticated remote attacker could cause a GSS-API application,
including the Kerberos administration daemon (kadmind) to crash.

AFFECTED SOFTWARE
=================

* kadmind in MIT releases krb5-1.7 and later

* FTP daemon in MIT releases krb5-1.7 and later

* Third-party software using the GSS-API library from MIT krb5
releases krb5-1.7 and later

* MIT releases prior to krb5-1.7 did not contain the vulnerable code.

FIXES
=====

* The upcoming krb5-1.7.2 and krb5-1.8.1 releases will contain fixes
for this vulnerability.

* Apply the patch available at

http://web.mit.edu/kerberos/advisories/2010-002-patch.txt

A PGP-signed patch is available at

http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc

REFERENCES
==========

This announcement is posted at:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

http://web.mit.edu/kerberos/advisories/index.html

The main MIT Kerberos web page is at:

http://web.mit.edu/kerberos/index.html

CVSSv2:

http://www.first.org/cvss/cvss-guide.html
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2

CVE: CVE-2010-0628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628

CERT: VU#839413
http://www.kb.cert.org/vuls/id/839413

ACKNOWLEDGMENTS
===============

Thanks to Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz (all
from Red Hat) for discovering and reporting this vulnerability.

CONTACT
=======

The MIT Kerberos Team security contact address is
<krbcore-security@mit.edu>. When sending sensitive information,
please PGP-encrypt it using the following key:

pub 2048R/8B8DF501 2010-01-15 [expires: 2011-02-01]
uid MIT Kerberos Team Security Contact <krbcore-security@mit.edu>

DETAILS
=======

A patch to fix CVE-2009-0845 interacted poorly with new functionality
introduced in krb5-1.7. This allowed an error condition to occur
where receiving an invalid packet could cause an assertion failure,
crashing the program and causing denial of service.

When the spnego_gss_accept_sec_context() function (in
src/lib/gssapi/spnego/spnego_mech.c) receives an invalid packet during
the beginning of a GSS-API protocol exchange, it can set some internal
state that tells it to send an error token without first creating a
context handle, but some subsequently executed code contains a call to
assert() that requires that the context handle be non-null.

REVISION HISTORY
================

2010-03-23 original release

Copyright (C) 2010 Massachusetts Institute of Technology
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)

iEYEARECAAYFAkupAZsACgkQSO8fWy4vZo4ETACgn9xRUl3CTCiRd2vF1PBOaQ8b
EfUAoPz32NUU/mk+H8kej8fWQFo3iwcZ
=LHMP
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    31 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close