• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities

The 'kadmind' server is prone to multiple vulnerabilities that can allow attackers to execute remote code because of array overruns in the RPC library code.

Exploiting these issues may allow attackers to execute arbitrary code with superuser privileges, facilitating in the complete compromise of affected computers. Failed attempts will cause crashes and deny service to legitimate users of the application.

Note that a compromise of a Master KDC (Key Distribution Center) principal and policy server will affect multiple hosts that use the server for authentication, potentially contributing to their compromise as well.

These issues affect:

- krb5-1.4 through krb5-1.63, where configurations allow large numbers of open file descriptors.
- krb5-1.2.2 through krb5-1.3, where '<unistd.h>' does not define FD_SETSIZE. Note that this is likely the case in many GNU/Linux distributions; Solaris 10 and Mac OS X 10.4 may be unaffected.