
Vigil@nce: MIT krb5, denial of service via SPNEGO

March 2010 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An unauthenticated attacker can send a malicious SPNEGO message to
MIT krb5, in order to stop GSSAPI applications.

 Severity: 2/4
 Creation date: 24/03/2010

DESCRIPTION OF THE VULNERABILITY

GSSAPI (Generic Security Services Application Program Interface)
defines names of standard functions, which are used by libraries
providing security features. SPNEGO (Simple and Protected GSSAPI
Negotiation Mechanism) is used by a client to choose amongst
several GSSAPI implementations. MIT krb5 implements a GSSAPI
interface, and supports SPNEGO.

The spnego_gss_accept_sec_context() function of the file
src/lib/gssapi/spnego/spnego_mech.c of MIT krb5 analyzes received
SPNEGO messages. However, a special message generates an error in
acc_ctx_hints(), which forces a premature exit of
spnego_gss_accept_sec_context(), with a NULL sc (SPNEGO context)
pointer. This generates an assertion error, and stops the
application.

Vulnerable applications are:
 kadmind of MIT krb5 >= 1.7
 FTP Daemon of MIT krb5 >= 1.7
 applications linked to the GSSAPI library of MIT krb5 >= 1.7

An unauthenticated attacker can therefore send a malicious SPNEGO
message to MIT krb5, in order to stop GSSAPI applications.
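The failure mode described above, as an added example that is not part of the original bulletin and is not MIT krb5 source: a shared cleanup path asserts on a context that an early error never allocated, shown beside a form that tolerates the NULL pointer. All names (neg_ctx, make_hints, accept_asserting, accept_checked) are hypothetical.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the failure mode; every name here is hypothetical,
 * none of this is MIT krb5 source. */
typedef struct { int negotiated; } neg_ctx;

/* Stand-in for a helper that can fail before a context exists. */
static int make_hints(int malformed, neg_ctx **out)
{
    if (malformed)
        return -1;                    /* early error: *out stays NULL */
    *out = calloc(1, sizeof(**out));
    return *out ? 0 : -1;
}

/* Pattern from the bulletin: shared cleanup assumes the context is set. */
int accept_asserting(int malformed)
{
    neg_ctx *ctx = NULL;
    int ret = 0;

    if (make_hints(malformed, &ctx) != 0) { ret = -1; goto cleanup; }
    ctx->negotiated = 1;
cleanup:
    assert(ctx != NULL);              /* aborts the process on the early-error path */
    free(ctx);
    return ret;
}

/* Hardened form: cleanup tolerates a context that was never allocated. */
int accept_checked(int malformed)
{
    neg_ctx *ctx = NULL;
    int ret = 0;

    if (make_hints(malformed, &ctx) != 0) { ret = -1; goto cleanup; }
    ctx->negotiated = 1;
cleanup:
    free(ctx);                        /* free(NULL) is a no-op */
    return ret;
}

int main(void)
{
    printf("well-formed: %d\n", accept_checked(0));
    printf("malformed:   %d\n", accept_checked(1));
    return 0;
}
```

In a network daemon the assertion failure terminates the whole process, which is why an error on input from an unauthenticated peer should be returned to the caller rather than asserted on.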

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/MIT-krb5-denial-of-service-via-SPNEGO-9530

