Multiple vulnerabilities in MIT Kerberos 5



| Updated: 2022-05-27
Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2011-0285
CVE-2011-0284
CVE-2011-0283
CVE-2010-4022
CWE-ID CWE-20
CWE-399
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 Kerberos 5
Client/Desktop applications / Software for system administration

Vendor MIT

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU45126

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2011-0285

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Kerberos 5: 1.7 - 1.9

CPE2.3 External links

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
https://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
https://osvdb.org/71789
https://secunia.com/advisories/44125
https://secunia.com/advisories/44181
https://secunia.com/advisories/44196
https://securityreason.com/securityalert/8200
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
https://www.mandriva.com/security/advisories?name=MDVSA-2011:077
https://www.redhat.com/support/errata/RHSA-2011-0447.html
https://www.securityfocus.com/archive/1/517484/100/0/threaded
https://www.securityfocus.com/bid/47310
https://www.securitytracker.com/id?1025320
https://www.vupen.com/english/advisories/2011/0936
https://www.vupen.com/english/advisories/2011/0986
https://www.vupen.com/english/advisories/2011/0997
https://hermes.opensuse.org/messages/8086843


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Resource management error

EUVDB-ID: #VU45191

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2011-0284

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Kerberos 5: 1.7 - 1.9

CPE2.3 External links

https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056413.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056573.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-March/056579.html
https://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
https://osvdb.org/71183
https://secunia.com/advisories/43700
https://secunia.com/advisories/43760
https://secunia.com/advisories/43783
https://secunia.com/advisories/43881
https://securitytracker.com/id?1025216
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt
https://www.kb.cert.org/vuls/id/943220
https://www.mandriva.com/security/advisories?name=MDVSA-2011:048
https://www.redhat.com/support/errata/RHSA-2011-0356.html
https://www.securityfocus.com/archive/1/517029/100/0/threaded
https://www.securityfocus.com/bid/46881
https://www.ubuntu.com/usn/USN-1088-1
https://www.vupen.com/english/advisories/2011/0672
https://www.vupen.com/english/advisories/2011/0673
https://www.vupen.com/english/advisories/2011/0680
https://www.vupen.com/english/advisories/2011/0722
https://www.vupen.com/english/advisories/2011/0763
https://exchange.xforce.ibmcloud.com/vulnerabilities/66101


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU45333

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-0283

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Kerberos 5: 1.9

CPE2.3 External links

https://secunia.com/advisories/43260
https://securityreason.com/securityalert/8073
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
https://www.securityfocus.com/archive/1/516299/100/0/threaded
https://www.securityfocus.com/bid/46272
https://www.securitytracker.com/id?1025037
https://www.vupen.com/english/advisories/2011/0330


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU45334

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2010-4022

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Kerberos 5: 1.7 - 1.9

CPE2.3 External links

https://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
https://secunia.com/advisories/43260
https://secunia.com/advisories/43275
https://securityreason.com/securityalert/8070
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
https://www.mandriva.com/security/advisories?name=MDVSA-2011:025
https://www.redhat.com/support/errata/RHSA-2011-0200.html
https://www.securityfocus.com/archive/1/516286/100/0/threaded
https://www.securityfocus.com/bid/46269
https://www.securitytracker.com/id?1025035
https://www.vupen.com/english/advisories/2011/0329
https://www.vupen.com/english/advisories/2011/0333
https://www.vupen.com/english/advisories/2011/0347
https://www.vupen.com/english/advisories/2011/0464


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###