Red Hat Bugzilla – Bug 83616
Multiple kerberos vulnerabilities
Last modified: 2007-11-30 17:06:52 EST
An integer signedness error in the ASN.1 decoder before version 1.2.5
allows remote attackers to cause a denial of service via a large unsigned
data element length, which is later used as a negative value. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0036
to this issue.
The Key Distribution Center (KDC) before version 1.2.5 allows remote,
authenticated, attackers to cause a denial of service (crash) on KDCs
within the same realm via a certain protocol request that causes a null
dereference. The Common Vulnerabilities and Exposures project has assigned
the name CAN-2003-0058 to this issue.
A vulnerability in the Kerberos before version 1.2.3 allows users from one
realm to impersonate users in other realms that have the same inter-realm
keys. The Common Vulnerabilities and Exposures project has assigned the
name CAN-2003-0059 to this issue.
The MIT advisory for these issues also mentions format string
vulnerabilities in the logging routines (CAN-2003-0060). Previous versions
of the kerberos packages from Red Hat already contain fixes for this issue.
These were addressed in RHSA-2003-052, closing.