Vigil@nce - Windows: denial of service via Kerberos
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a malicious Kerberos session to force a
Windows server to restart.
Impacted products: Windows 2008, Windows 7
Severity: 2/4
Creation date: 09/10/2012
DESCRIPTION OF THE VULNERABILITY
The Kerberos protocol is used to authenticate access to
resources.
However, during a Kerberos session, an attacker can send a
malicious value that forces the Kerberos service to
dereference a NULL pointer.
An attacker can therefore use a malicious Kerberos session to
force a Windows server to restart.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-denial-of-service-via-Kerberos-12048