MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities

MIT Kerberos is prone to multiple integer-underflow vulnerabilities because it fails to properly handle malformed encrypted data.

Attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Failed attacks will result in denial-of-service conditions.

Versions prior to Kerberos 5 1.6.4 and 1.7.1 are vulnerable.
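
The advisory names the bug class but shows no code. The C below is an added illustration, not MIT Kerberos source: it derives a plaintext length from an untrusted ciphertext length, first without and then with a minimum-length check. The layout (16-byte confounder, 12-byte truncated HMAC, as in RFC 3962 AES enctypes) and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (RFC 3962 style, not taken from the advisory):
 * ciphertext = E(confounder || plaintext) || truncated HMAC */
#define CONFOUNDER_LEN 16u  /* one AES block */
#define HMAC_LEN       12u  /* HMAC-SHA1 truncated to 96 bits */

/* Unchecked form: when in_len < 28 the unsigned subtraction wraps to a
 * huge value that later code would treat as a valid buffer length. */
size_t plain_len_unchecked(size_t in_len)
{
    return in_len - CONFOUNDER_LEN - HMAC_LEN;
}

/* Checked form: reject input shorter than the fixed overhead before
 * subtracting. Returns 0 on success, -1 on malformed input; *out_len
 * is left untouched on failure. */
int plain_len_checked(size_t in_len, size_t *out_len)
{
    if (out_len == NULL)
        return -1;
    if (in_len < CONFOUNDER_LEN + HMAC_LEN)
        return -1;
    *out_len = in_len - (CONFOUNDER_LEN + HMAC_LEN);
    return 0;
}

int main(void)
{
    size_t lens[] = { 0, 11, 27, 28, 64 };  /* constructed sample lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t n = 0;
        int rc = plain_len_checked(lens[i], &n);
        printf("in=%zu unchecked=%zu checked=%s", lens[i],
               plain_len_unchecked(lens[i]), rc == 0 ? "ok" : "rejected");
        if (rc == 0)
            printf(" len=%zu", n);
        putchar('\n');
    }
    return 0;
}
```

The same rule applies to any decryption path that strips a fixed header or checksum: compare the input length against the overhead before subtracting, and fail closed on short input.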


 

Copyright 2010, SecurityFocus