| Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability bulletin CVE-2009-0845
MIT Kerberos: denial of service via SPNEGO
Synthesis of the vulnerability
| An attacker can use a SPNEGO authentication in order to stop MIT Kerberos. |
Severity: 2/4.
Consequences: denial of service of service.
Provenance: intranet client.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 26/03/2009.
|
Impacted products
Description of the vulnerability
The SPNEGO (Simple and Protected GSSAPI NEGOtiation Mechanism, RFC 4178) mechanism is used to negotiate an authentication protocol. The MIT Kerberos server implements SPNEGO.
Two token types are defined: negTokenInit and negTokenResp. The NegTokenInit token contains a bit field named ContextFlags.
When the Kerberos client sends a NegTokenInit with an invalid ContextFlags flag, a NULL pointer is dereferenced in the spnego_gss_accept_sec_context() function of the lib/gssapi/spnego/spnego_mech.c file. This error stops the MIT Kerberos server.
An attacker can therefore use a malicious SPNEGO authentication in order to stop MIT Kerberos. |
Characteristics
Title: MIT Kerberos: denial of service via SPNEGO
Identifiers: 256728, 6822062, 6822066, BID-34257, CVE-2009-0845, DSA 1766-1, FEDORA-2009-2834, FEDORA-2009-2852, MDVSA-2009:082, MITKRB5-SA-2009-001, MITKRB5-SA-2009-002, SUSE-SA:2009:019, VIGILANCE-VUL-8568.
Pointed by: VIGILANCE-VUL-8608.
Url: https://vigilance.fr/tree/1/8568
|
Information sources
Solutions for this vulnerability
|
