Credit:
The information has been provided by Nalin Dahyabhai, Jan iankko Lieskovsky and Zbysek Mraz.
The original article can be found at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
Vulnerable Systems:
* kadmind in MIT releases krb5-1.7 and later
* FTP daemon in MIT releases krb5-1.7 and later
* Third-party software using the GSS-API library from MIT krb5 releases krb5-1.7 and later
Immune Systems:
* MIT releases prior to krb5-1.7
* MIT release krb5-1.7.2
* MIT release krb5-1.8.1
A patch to fix CVE-2009-0845 interacted poorly with new functionality introduced in krb5-1.7. This allowed an error condition to occur where receiving an invalid packet could cause an assertion failure, crashing the program and causing denial of service.
When the spnego_gss_accept_sec_context() function (in src/lib/gssapi/spnego/spnego_mech.c) receives an invalid packet during the beginning of a GSS-API protocol exchange, it can set some internal state that tells it to send an error token without first creating a context handle, but some subsequently executed code contains a call to assert() that requires that the context handle be non-null.
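The failure pattern described above, as an added example that is not code from MIT krb5 or from the advisory: a simplified model in which the error-token path skips context creation while later code still asserts a non-null context. All function names, the token validity rule and the hardened variant (tolerating a null context) are assumptions made for illustration.

```c
/* Simplified model of the flaw described above; NOT MIT krb5 source. Names are hypothetical. */
#include <assert.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
enum send_state { NO_TOKEN, INIT_TOKEN, ERROR_TOKEN };
struct ctx { int established; };
/* Constructed rule: a well-formed first token starts with byte 0x60. */
static int token_ok(const unsigned char *t, size_t n) { return n > 0 && t[0] == 0x60; }

/* Shared body. strict=1 keeps the flawed assert; strict=0 tolerates NULL.
 * Returns 0 on success, 1 when the token was rejected. */
static int accept_token(const unsigned char *t, size_t n, int strict)
{
    struct ctx *c = NULL;
    enum send_state send = NO_TOKEN;
    if (!token_ok(t, n))
        send = ERROR_TOKEN;              /* error reply queued, no context created */
    else if ((c = calloc(1, sizeof *c)) != NULL) {
        c->established = 1;
        send = INIT_TOKEN;
    }
    if (send != NO_TOKEN && strict)
        assert(c != NULL);               /* invalid peer input ends in abort() */
    int ret = (c != NULL && c->established) ? 0 : 1;
    free(c);                             /* free(NULL) is a no-op */
    return ret;
}

int accept_flawed(const unsigned char *t, size_t n)   { return accept_token(t, n, 1); }
int accept_hardened(const unsigned char *t, size_t n) { return accept_token(t, n, 0); }

/* Run fn in a child process; 1 if it died from SIGABRT, 0 if not, -1 on error. */
int aborts_on(int (*fn)(const unsigned char *, size_t), const unsigned char *t, size_t n)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(t, n); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void)
{
    const unsigned char bad[] = { 0x00, 0x01 };   /* constructed invalid token */
    return !(aborts_on(accept_flawed, bad, sizeof bad) == 1 &&
             aborts_on(accept_hardened, bad, sizeof bad) == 0);
}
```

The child-process harness is also a usable regression check: a service whose test suite feeds malformed first tokens and fails on SIGABRT would catch this class of reachable assertion before release.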
Patch Availability:
Apply the patch available at:
http://web.mit.edu/kerberos/advisories/2010-002-patch.txt
A PGP-signed patch is available at:
http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc
CVE Information:
CVE-2010-0628
Disclosure Timeline:
Original release: 2010-03-23
Last update: 2010-03-23