Kerberos5 Multiple Integer Underflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Kerberos5 and is prone to multiple Integer Underflow vulnerability.

Impact

Successful exploitation will allow attacker to cause a denial of service or possibly execute arbitrary code. Impact level: Application

Solution

Apply patch from below link, http://web.mit.edu/kerberos/advisories/2009-004-patch_1.7.txt http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

Multiple Integer Underflow due to errors within the 'AES' and 'RC4' decryption functionality in the crypto library in MIT Kerberos when proccessing ciphertext with a length that is too short to be valid.

Affected

kerberos5 version 1.3 to 1.6.3, and 1.7

References

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-004.txt
https://bugzilla.redhat.com/show_bug.cgi?id=545015

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4212
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Alpine tmail and dmail Buffer Overflow Vulnerabilities (Win)
Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
Blazevideo HDTV Player PLF File Buffer Overflow Vulnerability
CuteFTP Heap Based Buffer Overflow Vulnerability
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

Take action and discover your vulnerabilities