Two vulnerabilities affecting the Kerberos application have been discovered. The first is a buffer overflow affecting the RPC library included with the MIT Kerberos application (and which may also be included in other software), which allows arbitrary code execution.

The second vulnerability is with the kadmind component, where an authenticated user may be able to execute arbitrary code through the use of an uninitialised memory pointer.

Description:

Two separate vulnerabilities have been reported for the Kerberos authentication tool maintained by MIT. The most serious of the two vulnerabilities is a memory fault in an included software library (which may also be in other products) that potentially allows an attacker to run software of their choice on a victim's system.

The second vulnerability allows an authenticated user to run software of their choice on a vulnerable system through another memory issue. Although MIT have received sample exploitation code from a third party, exploit code for these issues has yet to circulate widely.

Mitigation:

Update to the latest official version from MIT, or wait until your Operating System vendor is able to release a patched version for your platform.

Updates:

Source:

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-006.txt

Exploits:

CVE-ID: CVE-2007-3999 CVE-ID: CVE-2007-4000