Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 83616

Summary: Multiple kerberos vulnerabilities
Product: Red Hat Enterprise Linux 2.1 Reporter: Mark J. Cox <mjc>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.1   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-15 21:18:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Mark J. Cox 2003-02-06 11:36:28 UTC
An integer signedness error in the ASN.1 decoder before version 1.2.5
allows remote attackers to cause a denial of service via a large unsigned
data element length, which is later used as a negative value.  The Common
Vulnerabilities and Exposures project has assigned the name CAN-2002-0036
to this issue.  

The Key Distribution Center (KDC) before version 1.2.5 allows remote,
authenticated, attackers to cause a denial of service (crash) on KDCs
within the same realm via a certain protocol request that causes a null
dereference.  The Common Vulnerabilities and Exposures project has assigned
the name CAN-2003-0058 to this issue.

A vulnerability in the Kerberos before version 1.2.3 allows users from one
realm to impersonate users in other realms that have the same inter-realm
keys.  The Common Vulnerabilities and Exposures project has assigned the
name CAN-2003-0059 to this issue.

The MIT advisory for these issues also mentions format string
vulnerabilities in the logging routines (CAN-2003-0060).  Previous versions
of the kerberos packages from Red Hat already contain fixes for this issue.

Comment 1 Nalin Dahyabhai 2005-09-15 21:18:20 UTC
These were addressed in RHSA-2003-052, closing.