Vigil@nce: MIT krb5, denial of service of kadmind
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can send an API version number that is too
high in order to stop the kadmind daemon of MIT krb5 versions 1.5 to
1.6.3.
– Severity: 2/4
– Creation date: 07/04/2010
DESCRIPTION OF THE VULNERABILITY
The kadmind daemon of MIT krb5 version 1.5 to 1.6.3 customizes
error messages using the current context.
The kadmin client indicates the API (Application Programming
Interface) version number it uses. When kadmind receives an
unsupported version number, the stub init_2_svc() function
generates an error message by calling krb5_get_error_message().
However, the context passed to this call has not yet been
initialized, which stops the daemon.
An authenticated attacker can therefore send an API version number
that is too high in order to stop the kadmind daemon of MIT krb5
versions 1.5 to 1.6.3.
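The following is an added, constructed model of the flaw described above and of a hardened init stub; it is not MIT krb5 code. The context type, version bounds, error code and helper names are stand-ins, and a NULL return from the stand-in for krb5_get_error_message() marks the point where the real daemon would die.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the kadmind init stub, not MIT krb5 code; version
 * bounds and the error code are placeholders, not real kadm5 values. */
#define API_VERSION_MIN 1
#define API_VERSION_MAX 2
#define ERR_BAD_API_VERSION 1001
#define VERSION_SUPPORTED(v) ((v) >= API_VERSION_MIN && (v) <= API_VERSION_MAX)

struct krb_context { int initialized; };   /* stand-in for krb5_context */
enum init_result { INIT_OK = 0, INIT_BAD_VERSION = 1, INIT_WOULD_CRASH = 2 };

/* Stand-in for krb5_get_error_message(): the real call reads per-context
 * error state, so passing an uninitialized context is undefined behaviour.
 * A NULL return marks the point where the real daemon would die. */
static const char *get_error_message(const struct krb_context *ctx, int code)
{
    if (ctx == NULL || !ctx->initialized)
        return NULL;
    return code == ERR_BAD_API_VERSION ? "unsupported API version" : "unknown error";
}

/* Shape of the flaw: the version check runs before the context exists, and
 * the rejection path formats its message through that context. */
enum init_result init_svc_vulnerable(int api_version, struct krb_context *ctx, char *msg, size_t msglen)
{
    if (!VERSION_SUPPORTED(api_version)) {
        const char *e = get_error_message(ctx, ERR_BAD_API_VERSION);
        if (e == NULL)
            return INIT_WOULD_CRASH;   /* one malformed request stops the service */
        snprintf(msg, msglen, "%s", e);
        return INIT_BAD_VERSION;
    }
    ctx->initialized = 1;              /* context is set up only for accepted versions */
    return INIT_OK;
}

/* Hardened shape: a rejected version gets a message that needs no context;
 * context-dependent helpers are called only after the context is set up. */
enum init_result init_svc_fixed(int api_version, struct krb_context *ctx, char *msg, size_t msglen)
{
    if (!VERSION_SUPPORTED(api_version)) {
        snprintf(msg, msglen, "unsupported API version %d (expected %d..%d)",
                 api_version, API_VERSION_MIN, API_VERSION_MAX);
        return INIT_BAD_VERSION;
    }
    ctx->initialized = 1;
    return INIT_OK;
}
```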
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/MIT-krb5-denial-of-service-of-kadmind-9562