MIT Kerberos 5 Principal Name Buffer Underrun Vulnerability

A buffer underrun vulnerability has been discovered in Kerberos when handling principal names. Though precide details are not yet known, the problem likely occurs due to unexpected results when calculating static values with user-supplied values. This condition could be triggered if an attacker were to trigger a calculation causing an unexpected wrapped value to be returned.

Successful exploitation of this issue may result in an attacker gaining the ability to corrupt memory and thus execute arbitrary code on an affected Key Distribution Center (KDC) server. The exploitability of this issue to execute commands may be highly dependant on dynamic memory implementation.


Privacy Statement
Copyright 2010, SecurityFocus