SecurityTracker: Microsoft Windows Kerberos Ticket-Granting-Ticket Processing Flaw Lets Remote Authenticated Users Deny Service

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Security) > Kerberos

Microsoft Windows Kerberos Ticket-Granting-Ticket Processing Flaw Lets Remote Authenticated Users Deny Service

SecurityTracker Alert ID: 1023566

SecurityTracker URL: http://securitytracker.com/id/1023566

CVE Reference: CVE-2010-0035 (Links to External Site)

Date: Feb 9 2010

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in Kerberos on Microsoft Windows. A remote authenticated user can cause denial of service conditions.

A remote authenticated user on a non-Windows realm can send specially crafted Ticket-Granting-Ticket renewal requests to cause the target Windows domain controller to stop responding.

Mixed-mode Kerberos implementations are affected.

Impact: A remote authenticated user can cause the target Windows domain controller to stop responding.

Solution: Microsoft has issued the following fixes:

Microsoft Windows 2000 Server Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?familyid=56a9afba-a6ee-4fb9-ba85-e51d9f94de27

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=738e2fda-96fc-413d-a5c7-74b1fac1d6b3

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=f8ad539d-8191-4864-977b-ad4e31c04ba0

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=d549c927-add7-4d83-bfc7-15dc35663dfb

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=75327470-0f14-4cdd-bcb7-64684c61c267

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=7d0f8f81-fc10-450a-a653-06f89acba9fa

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-014.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-014.mspx (Links to External Site)

Cause: Not specified

Underlying OS: Windows (2000), Windows (2003), Windows (2008)

Message History: None.

Source Message Contents

Date: Tue, 09 Feb 2010 20:29:13 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-014.mspx


Microsoft Security Bulletin MS10-014 - Important: Vulnerability in Kerberos Could Allow Denial of Service (977290)

CVE-2010-0035

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC