vulnerability announce CVE-2010-0035

Windows 2000, 2003, 2008: denial of service via Kerberos

Synthesis of the vulnerability

An authenticated attacker can generate a denial of service on the domain controller.

Severity: 2/4. Creation date: 10/02/2010.

Description of the vulnerability

A domain controller (Active Directory) uses the Kerberos protocol. According to the Kerberos protocol, when a user wants to authenticate on a computer, it asks a TGT (Ticket Granting Ticket) to the KDC (AD) server. The user has to use a valid password to decrypt this TGT, which is for example valid during 8 hours. The computer can then ask the KDC to renew the TGT. However, if the renewal query is malformed, and is sent to a server configured in mixed mode, an error occurs and stops the system. An authenticated attacker can therefore generate a denial of service on the domain controller.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Windows 2000, 2003, 2008: denial of service via Kerberos. Keywords: 2000 2003 2008 Active Directory Granting KDC Kerberos TGT Ticket Windows denial service. Identifiers: 977290, BID-38110, CVE-2010-0035, MS10-014, VIGILANCE-VUL-9437.

Information sources

Publications and announces Source example: MS10-014 - Vulnerability in Kerberos Could Allow Denial of Service (977290)

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Systems vulnerabilities