MIT Kerberos 5 KDC Multiple Memory Corruption Based Information Disclosure Vulnerabilities

MIT Kerberos 5 KDC is prone to multiple information-disclosure vulnerabilities resulting from memory corruption.

These issues occur when KDC is configured to support Kerberos 4 and processes malformed krb4 messages.

An attacker can exploit these issues to obtain potentially sensitive information that will aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. Given the nature of these vulnerabilities, the attacker could leverage these issues to execute arbitrary code, but this has not been confirmed.

MIT Kerberos 5 version 1.6.3 KDC is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus