|Summary:||Multiple kerberos vulnerabilities|
|Product:||Red Hat Enterprise Linux 2.1||Reporter:||Mark J. Cox <mjc>|
|Component:||krb5||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED ERRATA||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-09-15 21:18:20 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Mark J. Cox 2003-02-06 11:36:28 UTC
An integer signedness error in the ASN.1 decoder before version 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0036 to this issue. The Key Distribution Center (KDC) before version 1.2.5 allows remote, authenticated, attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0058 to this issue. A vulnerability in the Kerberos before version 1.2.3 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0059 to this issue. The MIT advisory for these issues also mentions format string vulnerabilities in the logging routines (CAN-2003-0060). Previous versions of the kerberos packages from Red Hat already contain fixes for this issue.
Comment 1 Nalin Dahyabhai 2005-09-15 21:18:20 UTC
These were addressed in RHSA-2003-052, closing.