Advisory: MIT Kerberos 5: Multiple vulnerabilities
Severity: Normal
DATE: Dec 7, 2007
Vulnerable: ALL
Vendor: MIT

I. Synopsis

Several vulnerabilities have been found in MIT Kerberos 5.

II. DETAILS:
----------

Background

MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol.

Description

An uninitialized variable vulnerability (CVE-2007-5894) in function reply()
in ftpd.c.

A dereferencing vulnerability (CVE-2007-5901) in the gssapi lib, in function
gss_indicate_mechs(minorStatus, mechSet) in g_initialize.c, and an integer
overflow vulnerability (CVE-2007-5902) in the rpc lib, in function
svcauth_gss_get_principal in svc_auth_gss.c.

A double free vulnerability (CVE-2007-5971) in function
gss_krb5int_make_seal_token_v3 in k5sealv3.c and another double free
vulnerability (CVE-2007-5972) in function krb5_def_store_mkey in
lib/kdb/kdb_default.c.

Impact

Reading uninitialized variables can result in unpredictable behavior,
crashes, or security holes. Dereferencing, integer overflow and double free
may cause instability and potentially a crash.

References
==========

[ 1 ] CVE-2007-5894
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894
[ 2 ] CVE-2007-5901
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901
[ 3 ] CVE-2007-5902
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902
[ 4 ] CVE-2007-5971
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
[ 5 ] CVE-2007-5972
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972

III. CREDIT:
----------

Venustech AD-LAB discovered this vulnerability.
Thanks to all Venustech AD-Lab guys.

V. DISCLAIMS:
-----------

The information in this bulletin is provided "AS IS" without warranty of
any kind. In no event shall we be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business
profits or special damages.

Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use.

VENUSTECH Security Lab
VENUSTECH INFORMATION TECHNOLOGY CO.,LTD (http://www.venustech.com.cn)

Security
Trusted {Solution} Provider
Service