MIT Kerberos Key Distribution Center Remote Format String Vulnerabilities
A number of vulnerabilities have been reported in MIT Kerberos Key Distribution Center (KDC). It has been reported that various printf functions fail to supply sufficient format specifiers when handling user-supplied data. By supplying a malicious string to KDC, containing format specifiers designed to overwrite sensitive memory, it may be possible under some circumstances for an unauthenticated attacker to execute arbitrary commands. As this issue affects older releases of Kerberos, a BID may already exist. If this issue proves to be covered in a previous database entry, this BID will be retired and the correct BID will be updated accordingly.
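The flaw class described above and its fix, as an added example that is not code from MIT Kerberos or from this advisory: the hardened call keeps the format string constant, and a small helper flags conversion specifiers in untrusted input for review. The function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; the function names and sample strings are constructed
 * and are not taken from MIT Kerberos.
 *
 * Vulnerable pattern (shown as a comment only): untrusted data is passed as
 * the format string, so the printf family interprets any conversion
 * specifiers it contains:
 *
 *     snprintf(buf, sizeof buf, untrusted);
 */

/* Hardened pattern: the format string is a constant and the untrusted data is
 * only ever an argument, so it is copied literally. Returns a static buffer. */
const char *format_log_line(const char *untrusted)
{
    static char buf[256];
    snprintf(buf, sizeof buf, "request from: %s", untrusted);
    return buf;
}

/* Detection helper for log or input review: counts conversion specifiers in
 * a string. "%%" is a literal percent sign and is not counted. */
int count_specifiers(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent, skip both characters */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    const char *sample = "host/%x%x%s@EXAMPLE";   /* constructed input */
    printf("%s\n", format_log_line(sample));
    printf("specifiers found: %d\n", count_specifiers(sample));
    return 0;
}
```

Building with `-Wformat -Werror=format-security` makes GCC and Clang reject the commented-out pattern at compile time.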