Ziff Davis Internet
News & Resources for the IT Reseller
NewsReviewsTech AnalysisCommentarySecurityLinux/Unix
My Account |  

‘Critical’ Kerberos Flaws Could Open Networks to Attack
By Matthew Broersma

Kerberos, the popular authentication protocol developed by the Massachusetts Institute of Technology, is vulnerable to three serious flaws that could allow an attacker to gain access to protected corporate networks, MIT researchers disclosed late on Tuesday.


Unix variants such as Solaris and Apple Computer Inc.’s Mac OS X, and Linux distributions such as Red Hat and Gentoo all contain the affected code. Windows also uses a version of Kerberos, but it doesn’t contain the flaw.

Two of the bugs affect the MIT krb5 KDC (Key Distribution Center), used for authenticating users. Both are exploitable via a specially crafted request via a TCP connection. The first bug causes the KDC to corrupt the heap by attempting to free memory at a random address, resulting in a KDC crash.

The second, more serious bug, can be exploited by the same request, via either TCP or UDP (User Datagram Protocol), and triggers a bug in the krb5 library resulting in a single-byte heap buffer overflow, potentially allowing an attacker to execute code with root privileges. If exploited, an attacker could gain access to an entire authentication realm, security experts said. MIT said such an attack was possible but “highly improbable.”

eWEEK.com Special Report: Securing the Network

The third bug affects the “krb5_recvauth()” function and could also allow the execution of malicious code. MIT researchers said the type of flaw involved—a “double free” error, where a component attempts to free memory that has already been freed—is thought to be difficult to exploit. No exploit code is currently known for any of the three flaws, MIT said.

Independent security vendor Secunia called the three bugs “highly critical,” its second most serious rating. The French Security Incident Response Team gave the bugs a “critical” rating, its most serious.

MIT’s implementation of Kerberos is commonly integrated into Linux and Unix, and Linux vendors such as Red Hat Inc. and Gentoo Foundation Inc. have begun distributing patches.

Sun Microsystems Inc. acknowledged that Solaris and SEAM (Sun Enterprise Authentication Mechanism) are affected, but it did not immediately have a patch available, instead advising users to put a workaround into place. However, no workaround is available for the single-byte buffer overflow flaw, according to Sun.

Apple has not yet issued an advisory on its implementation of Kerberos in Mac OS X.

PointerClick here to read about Apple’s latest update for Mac OS X “Tiger,” which fixes two security flaws.

The glitches affect Kerberos v5 versions 1.4.1 and earlier, as well as any third-party software using the affected components and functions, according to researchers. MIT’s advisories on the bugs, found here and here, contain instructions on patching. Kerberos v5 version 1.4.2 will also fix the bugs when it is released, according to MIT.

Kerberos, developed at MIT, is one of the most widely deployed authentication protocols on the Internet and is implemented in many commercial products, including operating systems and routers. Windows 2000, Windows XP and Windows Server 2003 use a variant of Kerberos as their default authentication method, but since the Windows version doesn’t use MIT’s code, it isn’t affected by the latest bugs.

The vulnerabilities are the most serious in Kerberos v5 since September 2004, when several serious bugs surfaced in an earlier version of Kerberos v5, similar to those disclosed this week. In early 2003, multiple issues allowed remote system access, impersonation and denial of service.

In October 2002, a flaw in kadmind4 (Kerberos v4 compatibility administration daemon) allowed unauthenticated attackers to gain root privileges on Kerberos v4 and v5 machines; at that time, MIT researchers said an exploit was already circulating when the patch was released.

A less serious bug surfaced in the MIT Kerberos Telnet Client at the end of March, allowing malicious users to access a system, but only under particular conditions.

PointerCheck out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.



Free Hands-On Training Lab
Find out how key features of SBS 2003 can help you open up a new line of revenue. Register now >>

SBS 2003 Sales Reference Card
This handy reference card contains features at a glance, sales objection handling, pricing guidelines & more. Get it now >>

Microsoft Empower for ISVs rewards your big idea with big benefits and support.
Access key development tools at a low cost to help you develop that idea into an innovative application. Learn more >>

Changing Business for the Better: A Practical Guide to BPM

This paper provides an overview of the benefits of BPM technologies and identifies the characteristics of BPM solutions that lead to successful BPM process-centric integration projects.

Download this free white paper to learn more!

>> brought to you by IBM

Attention Microsoft Solution Providers!

Want to gain a competitive edge? Try Microsoft Watch – FREE!

Each week you receive:
  • Microsoft News and Insider Information
  • Expert Analysis
  • Code Names of Upcoming MS Products
  • Year-Ahead Calendar, updated monthly

    Click Here to sign up now for your FREE 14 Day Trial to Microsoft Watch.
  • Add up to $1,200 of value with the new BONUS PACKS.
  • HP PartnerONE: The key to increasing your margins.
  • HP Compaq nc6129 Business Notebook. $1149 Smart Buy
  • HP xw8200 workstation. Smart Buy price $1549.
  • ProLiant DL360G4p server: HP Smart Buy price $1647
  • Microsoft files new anti-piracy lawsuits. Learn more.
  • New offers with Windows Genuine Advantage.

    •Catalog Publishing
    •Dealer Management
    •Order Configuration
    •Price Management
    •Sales Management

    View All >

    Search the jobs you want & get the info you need – post your resume here today!

    Powered by Dice
    White Boxes
    MS vs. IBM
    Linux in the Channel
    Stay in the Zone
    Put The Channel Insider on your desktop.
    Subscribe to The Channel Insider: Channel News, Reviews, Resources and more.

    Make your selections below:

    Contract Watch

    The Channel Insider Update

    Preferred e-mail format:

    Enter your e-mail:

    view all newsletters >>
    Channel Insider Quick Links
    Ziff Davis Footer Logo