Kerberos bug bites

Authentication system in stack buffer overflow risk


A flaw has been identified in certain implementations of the widely used Kerberos authentication protocol. The flaw could be exploited by crackers to gain root access to authentication servers.

The issue is serious, with at least one exploit known to exist in the wild, but there is a patch.

All releases of MIT Kerberos 5, up to and including krb5-1.2.6, and all Kerberos 4 implementations derived from MIT Kerberos 4, including Cygnus Network Security (CNS), are affected by the high-risk vulnerability.

The US government Department of Energy's Computer Incident Advisory Capability (CIAC) team warns the problem is compounded because a potential attacker does not have to authenticate to an authentication server in order to carry out the attack. Because of the issue, an attacker might be able to execute arbitrary code on the key distribution center (KDC), which authenticates users, and thereby compromise a Kerberos database.

A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) of the MIT krb5 distribution has been identified as the root cause of the problem. The kadmind4 daemon supplied with MIT krb5 is intended for use in sites that require compatibility with legacy administrative clients; sites that do not have this requirement are not likely to be running this daemon.

MIT has published an advisory which advises sys admins with potentially vulnerable servers on how to fix the flaw.

Kerberos, which was developed by MIT, is a very widely used means for securely authenticating a request for a service in a computer network. The name derives from Greek mythology, where Cerberus is the three-headed dog guarding the gates of Hades. ®
