The Channel logo

News

By | John Leyden 20th March 2008 11:44

Critical bugs bite Kerberos

Hell's fire

Multiple critical vulnerabilities have been discovered in version five of the widely-used Kerberos authentication protocol. The most serious of the bugs create a means to either compromise or crash vulnerable systems.

Exploits are yet to surface and patches are available. All releases of MIT Kerberos 5 up to and including krb5-1.6.3 are affected.

Two of the bugs involve errors in processing krb4 requests in MIT Kerberos 5 implementation's Key Distribution Center (KDC) program and libraries. The flaws create a possible mechanism for hackers to execute arbitrary code on targeted systems.

A further two bugs in the Kerberos RPC library, involving the handling of open file descriptors, might be exploited to cause memory corruption.

Developers are advised to update to version krb5-1.6.4 or apply workarounds.

A overview of the bugs by security clearing house Secunia can be found here. A summary of the products affected - along with responses from vendors - has been published by US CERT here and here.

Kerberos was developed by MIT and is a popular means for securely authenticating a request for a service in a computer network. The name derives from Greek mythology, where Cerberus is the three-headed dog guarding the gates of Hades. ®

alert Send corrections

Opinion

Chris Mellor

Drives nails forged with Red Hat iron into VCE's coffin
Sleep Cycle iOS app screenshot

Trevor Pott

Forget big-spending globo biz: it's about the consumer... and he's desperate for a nap
Steve Bennet, ex-Symantec CEO

Chris Mellor

Enormo security firm needs to get serious about acquisitions

Features

Windows 8.1 Update  Storeapps Taskbar
Chinese Buffet self-service
Chopping down the phone tree to scrump low-hanging fruit
An original member of the System/360 family announced in 1964, the Model 50 was the most powerful unit in the medium price range.
Big Blue's big $5bn bet adjusted, modified, reduced, back for more
Microsoft CEO Satya Nadella
Redmond needs to discover the mathematics of trust