• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MIT Kerberos 5 RPC Library Remote Code Execution Vulnerability

MIT Kerberos 5 is prone to a remote code-execution vulnerability. This issue resides in the server-side portion of the Kerberos RPC library. Currently, the 'kadmind' service is known to be vulnerable, but other applications that use this library may also be affected.

An attacker can exploit this issue to execute arbitrary code with administrative privileges, completely compromising affected computers. Failed exploit attempts will result in a denial of service. After a Kerberos database computer has been compromised, attackers may gain unauthorized access to
other services that rely on the Kerberos infrastructure for authentication.