Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Windows, vulnerabilities of Kerberos

February 2011 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can use two vulnerabilities of the Windows
implementation of Kerberos, in order to elevate his privileges, or
to negotiate a weak algorithm.

 Severity: 2/4
 Creation date: 09/02/2011

IMPACTED PRODUCTS

 Microsoft Windows 2003
 Microsoft Windows 2008
 Microsoft Windows 7
 Microsoft Windows XP

DESCRIPTION OF THE VULNERABILITY

Two vulnerabilities were announced in the Kerberos implementation
of Windows.

On Windows 7/2008R2, an attacker can use a Man-in-the-Middle, in
order to force the usage of a weak algorithm, such as DES.
[severity:1/4; BID-46140, CVE-2011-0091]

On Windows XP/2003, a local attacker can use an unkeyed checksum
(such as CRC32) in order to authenticate with system privileges.
[severity:2/4; BID-46130, CVE-2011-0043]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Windows-vulnerabilities-of-Kerberos-10351


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts