Kerberos, the popular authentication protocol developed by the Massachusetts Institute of Technology, is vulnerable to three serious flaws that could allow an attacker to gain access to protected corporate networks, MIT researchers disclosed late on Tuesday.

Unix variants such as Solaris and Apple Computer Inc.'s Mac OS X, and Linux distributions such as Red Hat and Gentoo all contain the affected code. Windows also uses a version of Kerberos, but it doesn't contain the flaw.

Two of the bugs affect the MIT krb5 KDC (Key Distribution Center), used for authenticating users. Both are exploitable via a specially crafted request via a TCP connection. The first bug causes the KDC to corrupt the heap by attempting to free memory at a random address, resulting in a KDC crash.

The second, more serious bug, can be exploited by the same request, via either TCP or UDP (User Datagram Protocol), and triggers a bug in the krb5 library resulting in a single-byte heap buffer overflow, potentially allowing an attacker to execute code with root privileges. If exploited, an attacker could gain access to an entire authentication realm, security experts said. MIT said such an attack was possible but "highly improbable."

The third bug affects the "krb5_recvauth()" function and could also allow the execution of malicious code. MIT researchers said the type of flaw involved—a "double free" error, where a component attempts to free memory that has already been freed—is thought to be difficult to exploit. No exploit code is currently known for any of the three flaws, MIT said.

The link for this article located at eWeek is no longer available.