Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Debian: DSA-2518-1 Moderate: krb5 Remote Code Execution

debian
Calendar Grey July 31, 2012
Scroller Debian
- ------------------------------------------------------------------------- Debian Security Advisory
Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol

Summary

Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT
Kerberos, a daemon implementing the network authentication protocol.

CVE-2012-1014

By sending specially crafted AS-REQ (Authentication Service Request) to a KDC
(Key Distribution Center), an attacker could make it free an uninitialized
pointer, corrupting the heap. This can lead to process crash or even arbitrary
code execution.
.
This CVE only affects testing (wheezy) and unstable (sid) distributions.

CVE-2012-1015

By sending specially crafted AS-REQ to a KDC, an attacker could make it
dereference an uninitialized pointer, leading to process crash or even
arbitrary code execution

In both cases, arbitrary code execution is believed to be difficult to achieve,
but might not be impossible.

For the stable distribution (squeeze), this problem has been fixed in
version 1.8.3+dfsg-4squeeze6.

For the testing distribution (wheezy), this problem has been fixed in
version 1.10.1+dfsg-2.

For the unstable distribution (sid), th...

Read the Full Advisory

Package: krb5
CVE ID: CVE-2012-1014 CVE-2012-1015

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.