Summary
This host has Kerberos5 installed and is prone to a denial of service vulnerability.
Impact
Successful exploitation will allow an attacker to cause a denial of service.
Impact level: Application
Solution
Upgrade to kerberos5 version 1.7.1 or apply the patch from the links below:
http://web.mit.edu/kerberos/www/
http://web.mit.edu/kerberos/advisories/2009-003-patch.txt
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is caused by a NULL pointer dereference error in the KDC cross-realm referral processing implementation, which could allow an unauthenticated remote attacker to cause the KDC to crash.
Affected
kerberos5 versions prior to 1.7.1
Severity
Classification
- CVE: CVE-2009-3295
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P