CVE-2003-0060
CVSS 7.5
Published: 2003-02-19 00:00:00
Revised: 2008-09-05 16:33:21

[Original] Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.


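[CNNVD] MIT Kerberos Key Distribution Center remote format string vulnerability (CNNVD-200302-035)

        A format string vulnerability exists in the logging of MIT Kerberos V5 Key Distribution Center (KDC) versions before 1.2.5. Remote attackers can use format string specifiers in Kerberos principal names to cause a denial of service (crash) and possibly execute arbitrary code.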

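- CVSS (Base Score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]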

- CPE (Affected Platforms and Products)

cpe:/a:mit:kerberos:5-1.2.4  MIT Kerberos 5 1.2.4
cpe:/a:mit:kerberos:5-1.2.1  MIT Kerberos 5 1.2.1
cpe:/a:mit:kerberos:5-1.2.2  MIT Kerberos 5 1.2.2
cpe:/a:mit:kerberos:5-1.2.3  MIT Kerberos 5 1.2.3

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0060
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0060
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200302-035
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/787523
(VENDOR_ADVISORY)  CERT-VN  VU#787523
http://www.securityfocus.com/bid/6712
(VENDOR_ADVISORY)  BID  6712
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
(VENDOR_ADVISORY)  CONFIRM  http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
http://xforce.iss.net/xforce/xfdb/11189
(UNKNOWN)  XF  kerberos-kdc-format-string(11189)
http://www.osvdb.org/4879
(UNKNOWN)  OSVDB  4879
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
(UNKNOWN)  CONECTIVA  CLSA-2003:639

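- Vulnerability Information

MIT Kerberos Key Distribution Center remote format string vulnerability
High risk  Format string
2003-02-19 00:00:00 2005-10-20 00:00:00
Remote
        A format string vulnerability exists in the logging of MIT Kerberos V5 Key Distribution Center (KDC) versions before 1.2.5. Remote attackers can use format string specifiers in Kerberos principal names to cause a denial of service (crash) and possibly execute arbitrary code.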

- Advisories and Patches

        This issue has been addressed in MIT Kerberos 1.2.5 and later. Users are advised to upgrade as soon as possible.
        Red Hat has released an advisory (RHSA-2003:051-01) to address this issue.
        Please see the attached advisory reference for details on obtaining and
        applying fixes.
        Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.
        MIT Kerberos 5 1.1.1
        
        MIT Kerberos 5 1.2
        
        MIT Kerberos 5 1.2.1
        
        MIT Kerberos 5 1.2.2
        
        MIT Kerberos 5 1.2.3
        
        MIT Kerberos 5 1.2.4
        

  •         MIT Kerberos 1.2.5
            

- Vulnerability Information

4879
MIT Kerberos 5 Key Distribution Center Format String Logging
Remote / Network Access, Local / Remote, Context Dependent Authentication Management, Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability Description

MIT Kerberos Key Distribution Center (KDC) contains a flaw that may allow a remote attacker to crash the service and possibly execute arbitrary code. The issue is due to format string flaws in the logging routines and Kerberos principal name specifiers of the KDC. If an attacker provides a specially crafted request, they can crash the service or execute arbitrary code with the same privilege the server runs under.

- Timeline

2003-01-28 2003-01-28
Unknown Unknown

- Solution

Upgrade to version 1.2.5 or higher, as it has been reported to fix this vulnerability. It is possible to partially correct the flaw by implementing the following workaround: Start KDC from a loop in a shell script, or from inittab. Please note that inittab is not recommended because it may fail if the KDC is crashed often in a short period. However, this workaround does not address the possibility of exploiting the format string vulnerability to gain access to the host system, so an upgrade is strongly recommended.

- Related References

- Vulnerability Author

- Vulnerability Information

MIT Kerberos Key Distribution Center Remote Format String Vulnerabilities
Design Error 6712
Yes No
2003-01-28 12:00:00 2009-07-11 08:06:00
The discovery of this vulnerability has been credited to E. Larry Lidz <ellidz@eridu.uchicago.edu>.

- Affected Program Versions

MIT Kerberos 5 1.2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
MIT Kerberos 5 1.2.3
+ Conectiva Linux 8.0
MIT Kerberos 5 1.2.2
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
MIT Kerberos 5 1.2.1
MIT Kerberos 5 1.2
MIT Kerberos 5 1.1.1
+ Red Hat Linux 6.2
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
MIT Kerberos 5 1.2.7
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ RedHat Linux 9.0 i386
MIT Kerberos 5 1.2.6
MIT Kerberos 5 1.2.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Wirex Immunix OS 7+

- Unaffected Program Versions

MIT Kerberos 5 1.2.7
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ RedHat Linux 9.0 i386
MIT Kerberos 5 1.2.6
MIT Kerberos 5 1.2.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Wirex Immunix OS 7+

- Vulnerability Discussion

A number of vulnerabilities have been reported in MIT Kerberos Key Distribution Center (KDC). It has been reported that various printf functions fail to supply sufficient format specifiers when handling user-supplied data.

By supplying a malicious string to KDC, containing format specifiers designed to overwrite sensitive memory, it may be possible under some circumstances for an unauthenticated attacker to execute arbitrary commands.

As this issue affects older releases of Kerberos, a BID may already exist. If this issue proves to be covered in a previous database entry, this BID will be retired and the correct BID will be updated accordingly.
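
The bug class described above, shown as an added example that is not MIT Kerberos source code: a logging call that uses a client-supplied principal name as the format string, next to the corrected call that passes it as a `%s` argument, plus a small audit helper. All function names, the log text and the sample principal are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logging routine. */
int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* BEFORE: the client-supplied name is used as the format string, so any
 * conversion specifier in it is interpreted with no matching argument
 * (undefined behaviour). Shown for contrast; never called here. */
int log_request_unsafe(char *out, size_t n, const char *principal)
{
    return log_fmt(out, n, principal);
}

/* AFTER: fixed format string; the name is only ever data. */
int log_request_safe(char *out, size_t n, const char *principal)
{
    return log_fmt(out, n, "request from client %s", principal);
}

/* Audit helper: count '%' conversions ("%%" is a literal percent sign). */
int count_format_specifiers(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    const char *name = "host/%s%x@EXAMPLE.COM"; /* constructed sample */
    char line[128];
    log_request_safe(line, sizeof line, name);
    printf("%s (specifiers in name: %d)\n", line, count_format_specifiers(name));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC or Clang) flags calls of the "before" shape when the logging function is declared with the `format(printf, ...)` attribute.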

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

This issue has been addressed in MIT Kerberos 1.2.5 and later. Users are advised to upgrade as soon as possible.

Red Hat has released an advisory (RHSA-2003:051-01) to address this issue.
Please see the attached advisory reference for details on obtaining and
applying fixes.

Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.


MIT Kerberos 5 1.1.1

MIT Kerberos 5 1.2

MIT Kerberos 5 1.2.1

MIT Kerberos 5 1.2.2

MIT Kerberos 5 1.2.3

MIT Kerberos 5 1.2.4

- Related References
