The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 101512 Solaris/SEAM Kerberos 5 Vulnerability Due To Buffer Overflows In krb5_aname_to_localname()

Guest Author
Product: Solaris 9 Operating System, Solaris 7 Operating System, Solaris 8 Operating System

On Kerberos 5 enabled systems using "auth_to_local" mapping through appropriate entries in the krb5 configuration file krb5.conf(4), an unprivileged local or remote user with kerberos credentials may be able to execute arbitrary code with root privileges due to buffer overflows in "krb5_aname_to_localname()" function.

This issue is described in CERT vulnerability VU#686862 at http://www.kb.cert.org/vuls/id/686862 and MIT krb5 Security Advisory 2004-001 at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt.

Avoidance: Patch
State: Resolved
First released: 10-Jun-2004

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.