SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   MIT
Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011107
SecurityTracker URL:  http://securitytracker.com/id/1011107
CVE Reference:   CVE-2004-0644   (Links to External Site)
Date:  Aug 31 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.2.2 through 1.3.4
Description:   A denial of service vulnerability was reported in Kerberos 5 in the ASN.1 decoder library. A remote user can cause a Key Distribution Center (KDC) or an application server to enter an infinite loop.

The vendor reported that if the ASN.1 SEQUENCE type was encoded with an indefinite length, the asn1bug_snc() function will attempt to skip any trailing unrecognized fields with the asn1buf_skiptail() function. The asn1buf_skiptail() function does not properly handle certain error conditions and may enter an infinite loop.

The vendor credits Will Fiveash and Nico Williams at Sun with discovering this vulnerability.

Impact:   A remote user can cause the KDC or application server to enter an infinite loop.
Solution:   A fixed version (1.3.5) is planned for release shortly.

A patche is available for 1.3.4:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.3.4.txt.asc

A patche is available for 1.2.8:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.2.8.txt

The associated detached PGP signature is at:

http://web.mit.edu/kerberos/advisories/2004-003-patch_1.2.8.txt.asc

Vendor URL:  web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-003-asn1.txt (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 31 2004 (Cisco Issues Fix for VPN 3000) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
Cisco has issued a fix for the VPN 3000 Concentrator series, which is affected by the Kerberos vulnerability.
Aug 31 2004 (Debian Issues Fix) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
Debian has released a fix.
Aug 31 2004 (Red Hat Issues Fix for RHEL) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
Red Hat has released a fix for Red Hat Enterprise Linux 2.1
Aug 31 2004 (Red Hat Issues Fix for RHEL) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
Red Hat has released a fix for Red Hat Enterprise Linux 3.
Sep 1 2004 (Fedora Issues Fix for FC1) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
Fedora has released a fix for Fedora Core 1.
Sep 11 2004 (Conectiva Issues Fix) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
Conectiva has released a fix.
Oct 1 2004 (IBM Issues Fix for AIX) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
IBM has issued a fix for AIX.
Dec 2 2004 (Apple Issues Fix for OS X) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
Apple has issued a fix for Mac OS X.
Dec 29 2004 (Conectiva Issues Fix) Kerberos 5 ASN.1 Decoder Infinite Loop Lets Remote Users Deny Service
Conectiva has released a fix.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC