
SANS ISC: InfoSec Handlers Diary Blog



KDC DoS in cross-realm referral processing

Published: 2009-12-30
Last Updated: 2009-12-30 00:34:31 UTC
by Guy Bruneau (Version: 1)

If you are currently using MIT krb5 release krb5-1.7, a null pointer dereference has been reported that allows an unauthenticated remote attacker to crash the KDC (DoS). This is not a vulnerability in the Kerberos protocol. A patch and a workaround have been made available here.
-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: Kerberos KDC DoS