The Computer Emergency Response Team
Coordination Center (CERT/CC) Friday warned of a remotely exploitable
buffer overflow in the Kerberos network authentication protocol which could
compromise the integrity of the entire Kerberos realm.
Kerberos, developed at the Massachusetts Institute of Technology (MIT), is
a freely available tool used to provide strong authentication for
client/server applications by using secret-key cryptography. The technology
is also found in many commercial products today.
In a security advisory Friday, CERT said a buffer overflow in the
Kerberos administration daemon could allow a remote attacker to gain root
privileges. CERT also noted that it has received reports that this
vulnerability is being exploited.
The Kerberos administration daemon (often called kadmind), handles password
changes and other requests to modify the Kerberos database. The portion of
that code which provides legacy support for the Kerberos 4 administration
protocol contains the buffer overflow.
The vulnerability affects Kerberos version 4 and version 5 up to, and
including, krb5-1.2.6, KTH eBones prior to version 1.2.1, KTH Heimdal prior
to version 0.5.1, and other Kerberos implementations derived from
vulnerable variations of the above code.
CERT recommended disabling support for the Kerberos 4 administration
protocol if not needed, as well as blocking access to the Kerberos administration
service from untrusted networks like the Internet. It also suggested only
granting access to the service to trusted administrative hosts.
More information about the vulnerability, and patches, is available here.