By John Leyden, 20th March 2008 11:44

Critical bugs bite Kerberos

Hell's fire

Multiple critical vulnerabilities have been discovered in version five of the widely-used Kerberos authentication protocol. The most serious of the bugs create a means to either compromise or crash vulnerable systems.

Exploits are yet to surface and patches are available. All releases of MIT Kerberos 5 up to and including krb5-1.6.3 are affected.

Two of the bugs involve errors in processing krb4 requests in the Key Distribution Center (KDC) program and libraries of the MIT Kerberos 5 implementation. The flaws create a possible mechanism for hackers to execute arbitrary code on targeted systems.

A further two bugs in the Kerberos RPC library, involving the handling of open file descriptors, might be exploited to cause memory corruption.

Developers are advised to update to version krb5-1.6.4 or apply workarounds.

An overview of the bugs by security clearing house Secunia can be found here. A summary of the products affected - along with responses from vendors - has been published by US CERT here and here.

Kerberos was developed by MIT and is a popular means for securely authenticating a request for a service in a computer network. The name derives from Greek mythology, where Cerberus is the three-headed dog guarding the gates of Hades. ®
