MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability

It is reported that MIT Kerberos V is susceptible to a denial of service vulnerability in its ASN.1 decoder.

This vulnerability presents itself when the krb5 library attempts to decode a malformed ASN.1 buffer.

As a result of this vulnerability, a remote attacker may be able to deny all Kerberos service in a realm by sending malicious UDP packets to all KDCs (Key Distribution Center). The affected KDCs would then stop servicing further authentication requests. All services utilizing Kerberos for authentication would fail to allow further requests.

MIT Kerberos V versions 1.2.2 through to 1.3.4 are reportedly affected by this vulnerability.

Update: IBM has reported that IBM Tivoli Access Manager for e-business version 5.1 is vulnerable to this issue when configured for single sign on using SPNEGO authentication.


Privacy Statement
Copyright 2010, SecurityFocus