-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        National Cyber Alert System

                 Technical Cyber Security Alert TA07-009B


MIT Kerberos Vulnerabilities

   Original release date: January 09, 2007
   Last revised: --
   Source: US-CERT


Systems Affected

     * MIT Kerberos

   Other products based on the GSS-API or the RPC libraries provided with
   MIT Kerberos may also be affected.


Overview

   The MIT Kerberos administration daemon contains two vulnerabilities
   that may allow a remote, unauthenticated attacker to execute arbitrary
   code.


I. Description

   We are aware of two vulnerabilities that affect the Kerberos
   administration daemon:

     * VU#481564 - Kerberos administration daemon fails to properly
       initialize function pointers
       The MIT Kerberos administration daemon contains a vulnerability in
       the way pointers are handled that may allow a remote,
       unauthenticated user to execute arbitrary code. Other server
       applications that utilize the RPC library provided with MIT
       Kerberos may also be affected. This vulnerability can be triggered
       by sending a specially crafted Kerberos packet to a vulnerable
       system. Further details about this vulnerability are available
       from the MIT Kerberos Development Team.

     * VU#831452 - Kerberos administration daemon may free uninitialized
       pointers
       The MIT Kerberos administration daemon contains a vulnerability
       that may allow an attacker to execute arbitary code. Other server
       applications that utilize the GSS-API library provided with MIT
       Kerberos may also be affected. Further details about this
       vulnerability are available from the MIT Kerberos Development
       Team.


II. Impact

   A remote, unauthenticated attacker may be able to execute arbitrary
   code resulting in the compromise of the Kerberos key database or cause
   a denial of service.


III. Solution

   These vulnerabilities are addressed in MIT krb5 Security Advisory
   2006-002 and MIT krb5 Security Advisory 2006-003. Patches for these
   issues are also included in those advisories.


IV. References

     * US-CERT Vulnerability Note VU#481564 -
       <http://www.kb.cert.org/vuls/id/481564>
     * US-CERT Vulnerability Note VU#831452 -
       <http://www.kb.cert.org/vuls/id/831452>
     * MIT krb5 Security Advisory 2006-002 -
       <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt>
     * MIT krb5 Security Advisory 2006-003 -
       <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-003-mechglue.txt>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-009B.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA07-009B Feedback VU#481564" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   January 09, 2007: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRaQNc+xOF3G+ig+rAQKaOQgAjOD7/KVse1tv1gn46WKWVJ4mPajTdn8z
2B7cO52KVKJ6cPvQCXb5Yhy0ljFOqbtZAHyQ/XzdP13CrrQC6ut32aQN+HRSEf3N
3/kwxMxl+QlKUQ97kG3c40XsNClMVDGvWsQj2LRFrzKpTjjPSag+Cdp0eAp0YVx/
6G3WR0HgjoIrfoYgVdqiIz5yeG0O2adLNmjoosDoxV4sro94JbB1iv+SHM+HNCR8
UNIj/kBukOlof0zHapPVofcjJBnxkkRfLrwb1CmrHU5QL6su1GJ4dohlYnnpDevf
NYAoVkr2wni8hjaJezK+jjlp9Q2cEEoRyEHLCS33Q0jOhvSCidXUwQ==
=Ac/A
-----END PGP SIGNATURE-----