SecurityTracker.com
Category:  Device (Router/Bridge/Hub)  >  Cisco VPN 3000 Concentrator
Vendors:  Cisco
(Cisco Issues Fix for VPN 3000) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011109
SecurityTracker URL:  http://securitytracker.com/id?1011109
CVE Reference:  CAN-2004-0644
Date:  Aug 31 2004
Impact:  Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0.x prior to 4.0.5.B; 4.1.x prior to 4.1.5.B
Description:  A denial of service vulnerability was reported in the ASN.1 decoder library of Kerberos 5. A remote user can cause a Key Distribution Center (KDC) or an application server to enter an infinite loop. Cisco VPN 3000 concentrators are affected when authenticating users against a KDC.

The vendor reported that if an ASN.1 SEQUENCE type is encoded with an indefinite length, the asn1buf_sync() function attempts to skip any trailing unrecognized fields by calling the asn1buf_skiptail() function. The asn1buf_skiptail() function does not properly handle certain error conditions and may enter an infinite loop.

The vendor credits Will Fiveash and Nico Williams at Sun with discovering this vulnerability.
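
The failure mode described above, shown from the defensive side as an added example (not the MIT Kerberos or Cisco code): a routine that skips the trailing fields of an indefinite-length BER value in which every pass either consumes input or returns an error, so truncated or malformed data cannot stall the loop. The function name, error codes and depth limit are assumptions made for this example, and only single-byte tags are handled.

```c
#include <limits.h>
#include <stddef.h>

#define SKIP_TRUNCATED (-1L) /* input ended before the closing 00 00 */
#define SKIP_MALFORMED (-2L) /* invalid or unsupported tag/length encoding */
#define MAX_DEPTH 16         /* nesting limit assumed for this example */

/* Skip the undecoded tail of an indefinite-length constructed value.
 * Returns the bytes consumed, closing end-of-contents included, or < 0. */
long skip_indef_tail(const unsigned char *p, size_t len)
{
    size_t pos = 0, n, cnt;
    int depth = 1;                      /* already inside one open SEQUENCE */

    if (len > LONG_MAX)
        return SKIP_MALFORMED;          /* result must fit the return type */
    while (depth > 0) {
        if (len - pos < 2)
            return SKIP_TRUNCATED;      /* error returns; the loop never spins */
        unsigned char tag = p[pos], l = p[pos + 1];
        pos += 2;                       /* each pass consumes at least 2 bytes */
        if (tag == 0x00 && l == 0x00) { /* end-of-contents closes one level */
            depth--;
            continue;
        }
        if (tag == 0x00 || (tag & 0x1f) == 0x1f)
            return SKIP_MALFORMED;      /* bad EOC or multi-byte tag */
        if (l == 0x80) {                /* nested indefinite length */
            if (!(tag & 0x20) || ++depth > MAX_DEPTH)
                return SKIP_MALFORMED;  /* must be constructed, bounded depth */
            continue;
        }
        n = l;
        if (l & 0x80) {                 /* long form: next cnt octets hold n */
            cnt = l & 0x7f;
            if (cnt > 4)
                return SKIP_MALFORMED;
            if (len - pos < cnt)
                return SKIP_TRUNCATED;
            for (n = 0; cnt > 0; cnt--)
                n = (n << 8) | p[pos++];
        }
        if (n > len - pos)
            return SKIP_TRUNCATED;      /* declared length overruns the buffer */
        pos += n;
    }
    return (long)pos;
}
```
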

Impact:  A remote user can cause the KDC or application server to enter an infinite loop.
Solution:  Cisco has issued a fix for the VPN 3000 Concentrator series, which is affected by the Kerberos vulnerability. A fix is available in versions 4.0.5.B and later and 4.1.5.B and later. See the Cisco advisory for patch information:

http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml
Cause:  State error

Message History:   This archive entry is a follow-up to the message listed below.
Aug 31 2004 Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service



 Source Message Contents

Date:  Tue, 31 Aug 2004 16:04:18 -0400
Subject:  http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml

 
 
http://www.cisco.com/warp/public/707/cisco-sa-20040831-krb5.shtml
 
Cisco Security Advisory: Vulnerabilities in Kerberos 5 Implementation
Document ID: 61720
 
Cisco reported that the Cisco VPN 3000 Series Concentrators authenticating users 
against a Kerberos Key Distribution Center (KDC) may be vulnerable to the recently 
reported Kerberos 5 vulnerabilities.  A remote user may be able to execute arbitrary 
code or deny service.
 
Cisco reports that all 4.0.x versions prior to 4.0.5.B and all 4.1.x versions prior to 
4.1.5.B are vulnerable.  Versions prior to 4.0.x are not vulnerable because they do not 
support Kerberos authentication.
 
Cisco has assigned Bug IDs CSCef24692 and CSCef24900 to these vulnerabilities.
 
The vendor has issued a fix in versions 4.0.5.B and later and 4.1.5.B and later of the 
Cisco VPN 3000 Series Concentrators.
 



Copyright 2004, SecurityGlobal.net LLC