Security authentication system Kerberos flaws

by Nikola Strahija on July 14th, 2005

The Massachusetts Institute of Technology has issued patches for three serious flaws in Kerberos v5, a widely used security authentication system. The worst of the flaws could allow an attacker to gain access to an entire authentication realm, according to MIT.

The Kerberos flaws are serious because Kerberos is one of the most widely implemented authentication protocols on the Internet, and is used in many commercial products such as operating systems and routers.

Two of the flaws affect the Key Distribution Center (KDC), which authenticates users. One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system; MIT warned a successful attack could allow access to the entire authentication realm protected by the KDC. The other KDC vulnerability causes the freeing of memory in random locations, leading to a heap corruption; this can crash the system but can't be used to execute code, MIT said.

A third flaw, affecting the krb5_recvauth() function, could allow a remote attacker to take over a system. However, the bug is a double-free error, where a program attempts to free memory that's already been freed. "Exploitation of double-free vulnerabilities is believed to be difficult," MIT said in its advisory.

The bugs all affect version 1.4.1 of Kerberos v5, and impact third-party software using the affected components, MIT said. MIT published patching instructions in its advisories and said the problems would be addressed in the forthcoming version 1.4.2.
