ISS X-Force Database: kerberos-gssapi-code-execution(31417): Kerberos GSS-API code execution

Kerberos GSS-API code execution

kerberos-gssapi-code-execution (31417)

High Risk

Description:

Kerberos could allow a remote attacker to execute arbitrary code, caused by a memory corruption vulnerability in the GSS-API implementation of the kadmind daemon. A remote attacker could send a specially-crafted packet to the mechglue abstraction interface, which could allow the attacker to execute arbitrary code on the vulnerable system or crash the application.

Note: Other applications that use the GSS-API may also be affected by this vulnerability.

Platforms Affected:

Gentoo, Linux
IBM, AIX
MIT, Kerberos 5-1.5
MIT, Kerberos 5-1.5.1
Novell, OpenSUSE 10.2
OpenPKG, OpenPKG 2-STABLE
OpenPKG, OpenPKG CURRENT
OpenPKG, OpenPKG Enterprise E1.0-SOLID
Sun, Solaris 10 x86
Sun, Solaris 10 SPARC
Sun, Solaris 8 x86
Sun, Solaris 8 SPARC
Sun, Solaris 9 x86
Sun, Solaris 9 SPARC
SuSE, SuSE Linux 10.0
SuSE, SuSE Linux 10.1
SuSE, SuSE Linux 9.3
SuSE, SuSE SLED 10
SuSE, SuSE SLES 10

Remedy:

Refer to MITkrb5 Security Advisory 2006-003 for patch information. See References.

For SUSE Linux:
Refer to SUSE Security Announcement SUSE-SA:2007:00 for patch, upgrade, or suggested workaround information. See References.

For OpenPKG:
Refer to OpenPKG-SA-2007.006 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

MIT krb5 Security Advisory 2006-003, kadmind (via GSS-API mechglue) frees uninitialized pointers at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-003-mechglue.txt.
Sun Alert ID: 201294, Third-party Applications Using GSS-API May Be Vulnerable to Compromise at http://sunsolve.sun.com/search/document.do?assetkey=1-66-201294-1.
ASA-2007-030: Third-party Applications Using GSS-API May Be Vulnerable to Compromise (SUN 102772)
BID-21975: MIT Kerberos Administration Daemon Free Pointers Remote Code Execution Vulnerability
CVE-2006-6144: The mechglue abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
GLSA-200701-21: MIT Kerberos 5: Arbitrary Remote Code Execution
OpenPKG-SA-2007.006: MIT Kerberos
SA23690: Kerberos kadmind "mechglue" Code Execution Vulnerability
SECTRACK ID: 1017494: Kerberos kadmind GSS-API `mechglue` Memory Error Lets Remote Users Execute Arbitrary Code
SUSE-SA:2007:004: krb5 security problems
US-CERT VU#831452: Kerberos administration daemon may free uninitialized pointers
VUPEN/ADV-2007-0111: Kerberos V5 Kadmind RPC and GSS-API Modules Remote Code Execution Vulnerabilities
VUPEN/ADV-2007-0112: Sun Solaris Generic Security Services Library Remote Command Execution Vulnerability

Reported:

Jan 09, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page