X

The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 101810 Security Vulnerability in the Kerberos krb5_recvauth() Library Routine

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Sun Enterprise Authentication Mechanism Software, Solaris 7 Operating System, Solaris 8 Operating System

An unprivileged (either authenticated or unauthenticated) remote user may be able to execute arbitrary code with elevated privileges on Kerberos systems due to a double-free error in the krb5_recvauth() library routine. The privileges attained would depend on the affected program that utilizes the krb5_recvauth() routine; some affected applications such as kpropd() run with root privileges on slave Key Distribution Center (KDC) hosts, which means its potentially possible to compromise an entire Kerberos realm.

This issue is described in MIT krb5 Security Advisory 2005-003 available at

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt

This issue is also referenced in the following documents:

CAN-2005-1689 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689

CERT VU#623332 at http://www.kb.cert.org/vuls/id/623332.

Avoidance: Patch
State: Resolved
First released: 12-Jul-2005

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.