Vigil@nce - Heimdal: denial of service via KDC and GSS-API
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can send a malicious ticket or a GSS-API
token, in order to stop Heimdal KDC or GSS-API applications.
Severity: 2/4
Creation date: 28/05/2010
DESCRIPTION OF THE VULNERABILITY
The Heimdal suite implements a Kerberos KDC (Key Distribution
Center) and a GSS-API (Generic Security Service Application
Program Interface). Both features do not check for NULL pointers.
The check_tgs_flags() and tgs_make_reply() functions of the
kdc/krb5tgs.c file do not check if the field renew_till is NULL.
[severity:2/4]
A GSS-API token contains a checksum. However, if this checksum is
missing, the gsskrb5_acceptor_start() function dereferences a NULL
pointer. [severity:2/4]
An authenticated attacker can therefore send a malicious ticket or
a GSS-API token, in order to stop Heimdal KDC or GSS-API
applications.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Heimdal-denial-of-service-via-KDC-and-GSS-API-9673