lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 08 Dec 2007 00:07:53 +0800
From: "xiaojunli.air" <xiaojunli.air@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: MIT Kerberos 5: Multiple vulnerabilities

Advisory: MIT Kerberos 5: Multiple vulnerabilities
Severity: Normal
DATE:Dec  7,2007
Vulnerable:
	ALL
Vendor:
	MIT
I.Synopsis
Several vulnerabilites have been found in MIT Kerberos 5.

II.DETAILS:
----------
Background
MIT Kerberos 5 is a suite of applications that implement the Kerberos
network protocol.

Description

	A uninitialized  vulnerability (CVE-2007-5894)in function reply() in
ftpd.c.
 A dereferencing vulnerability(CVE-2007-5901)  in gssapi lib in function
gss_indicate_mechs(mi
norStatus, mechSet) in g_initialize.c and a integer overflow
vunerability(CVE-2007-5902)
in rpc lib in function svcauth_gss_get_principal in svc_auth_gss.c. A
double free vulnerability(CVE-2007-5971)
in function gss_krb5int_make_seal_token_v3 in k5sealv3.c and another
double free vulnerability(CVE-2007-5972)
in function krb5_def_store_mkey in lib/kdb/kdb_default.c.

Impact

Reading uninitialized variables can result in unpredictable behavior,
crashes, or security holes.
Dereferencing,integer overflow and double free may cause instability and
potentially crash.

References
==========

  [ 1 ] CVE-2007-5894
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894
  [ 2 ] CVE-2007-5901
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901
  [ 3 ] CVE-2007-5902
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902
  [ 4 ] CVE-2007-5971
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971
  [ 5 ] CVE-2007-5972
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972


III.CREDIT:
----------
    Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab
guys.

V.DISCLAIMS:
-----------

The information in this bulletin is provided "AS IS" without warranty of
any
kind. In no event shall we be liable for any damages whatsoever
including direct,
indirect, incidental, consequential, loss of business profits or special
damages.

Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use.

VENUSTECH Security Lab
VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn)

Security
Trusted {Solution} Provider
Service

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists