Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cygnus_network_security | Cygnus | 4.0 (including) | 4.0 (including) |
| Kerbnet | Cygnus | 5.0 (including) | 5.0 (including) |
| Kerberos | Mit | 4.0 (including) | 4.0 (including) |
| Kerberos_5 | Mit | 1.0 (including) | 1.0 (including) |
| Kerberos_5 | Mit | 1.1 (including) | 1.1 (including) |
| Kerberos_5 | Mit | 1.1.1 (including) | 1.1.1 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
- http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
- http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
- http://www.cert.org/advisories/CA-2000-11.html
- http://www.redhat.com/support/errata/RHSA-2000-031.html
- http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
- http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
- http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
- http://www.cert.org/advisories/CA-2000-11.html
- http://www.redhat.com/support/errata/RHSA-2000-031.html