CVE-2003-0082
CVSS 5.0
Published: 2003-04-02 00:00:00
Last revised: 2008-09-10 15:17:52

[Original] The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").


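[CNNVD] MIT Kerberos 5 Principal Name buffer overflow vulnerability (CNNVD-200304-016)

        A vulnerability exists in the Key Distribution Center (KDC) of Kerberos 5 (krb5) 1.2.7 and earlier. A remote authenticated attacker can cause a denial of service (crash) on KDCs within the same realm by using a specific protocol request that corrupts the KDC heap (also known as a "buffer underrun").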
        

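- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]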

- CPE (affected platforms and products)

cpe:/a:mit:kerberos:5-1.2.7  MIT Kerberos 5 1.2.7
cpe:/a:mit:kerberos:1.0
cpe:/a:mit:kerberos:5-1.3:alpha1  MIT Kerberos 5 1.3 alpha1
cpe:/a:mit:kerberos:5-1.2.1  MIT Kerberos 5 1.2.1
cpe:/a:mit:kerberos:5-1.2.4  MIT Kerberos 5 1.2.4
cpe:/a:mit:kerberos:5_1.1.1  MIT Kerberos 5 1.1.1
cpe:/a:mit:kerberos:5_1.1  MIT Kerberos 5 1.1
cpe:/a:mit:kerberos:5-1.2  MIT Kerberos 5 1.2
cpe:/a:mit:kerberos:5-1.2.2  MIT Kerberos 5 1.2.2
cpe:/a:mit:kerberos:5-1.2.3  MIT Kerberos 5 1.2.3
cpe:/a:mit:kerberos:5-1.2.6  MIT Kerberos 5 1.2.6
cpe:/a:mit:kerberos:1.2.2.beta1
cpe:/a:mit:kerberos:5-1.2.5  MIT Kerberos 5 1.2.5
cpe:/a:mit:kerberos:5_1.0.6  MIT Kerberos 5 1.0.6

- OVAL (technical details for detection)

oval:org.mitre.oval:def:4430  Kerberos 5 KDC Buffer Underrun in Principle Name Handling
oval:org.mitre.oval:def:2536  Kerberos 5 KDC Heap Corruption Vulnerability
oval:org.mitre.oval:def:244  Kerberos KDC Heap Corruption Denial of Service
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the relevant OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0082
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0082
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200304-016
(official data source) CNNVD

- Other links and resources

http://www.debian.org/security/2003/dsa-266
(VENDOR_ADVISORY)  DEBIAN  DSA-266
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
(VENDOR_ADVISORY)  CONFIRM  http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
http://www.redhat.com/support/errata/RHSA-2003-091.html
(UNKNOWN)  REDHAT  RHSA-2003:091
http://www.redhat.com/support/errata/RHSA-2003-052.html
(UNKNOWN)  REDHAT  RHSA-2003:052
http://www.redhat.com/support/errata/RHSA-2003-051.html
(UNKNOWN)  REDHAT  RHSA-2003:051
http://www.securityfocus.com/bid/7185
(UNKNOWN)  BID  7185
http://www.securityfocus.com/archive/1/archive/1/316960/30/25250/threaded
(UNKNOWN)  BUGTRAQ  20030331 GLSA: krb5 & mit-krb5 (200303-28)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
(UNKNOWN)  SUNALERT  54042

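- Vulnerability information

MIT Kerberos 5 Principal Name buffer overflow vulnerability
Medium risk  Boundary condition error
2003-04-02 00:00:00 2005-10-20 00:00:00
Remote
        A vulnerability exists in the Key Distribution Center (KDC) of Kerberos 5 (krb5) 1.2.7 and earlier. A remote authenticated attacker can cause a denial of service (crash) on KDCs within the same realm by using a specific protocol request that corrupts the KDC heap (also known as a "buffer underrun").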
        

- Advisories and patches

        Debian has released a security advisory [DSA 266-1] containing fixes for this issue.
        Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.
        Sun has released alert 54042 to address this issue.
        The following fixes are available:
        Sun Solaris 9
        
        Sun Solaris 9_x86
        
        Sun Solaris 8_x86
        
        Sun Solaris 8
        
        MIT Kerberos 5 1.0
        
        Sun SEAM 1.0
        
        Sun SEAM 1.0.1
        
        Sun SEAM 1.0.2
        
        MIT Kerberos 5 1.0.6
        
        MIT Kerberos 5 1.1
        
        MIT Kerberos 5 1.1.1
        
        MIT Kerberos 5 1.2
        
        MIT Kerberos 5 1.2.1
        
        MIT Kerberos 5 1.2.2
        

- Vulnerability information

4902
MIT Kerberos 5 Key Distribution Center Heap Corruption DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Unknown

- Vulnerability description

Kerberos 5 contains a flaw within principal name handling that may allow a remote denial of service. The issue is triggered when a specially crafted request is sent to the KDC; this can result in heap corruption (buffer underrun) or possibly remote code execution, resulting in a loss of availability and possibly confidentiality and/or integrity.

- Timeline

2003-03-19 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds to correct this issue. However, MIT has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

MIT Kerberos 5 Principal Name Buffer Underrun Vulnerability
Boundary Condition Error 7185
Yes No
2003-03-19 12:00:00 2009-07-11 09:06:00
Discovery is credited to Nalin Dahyabhai.

- Affected software versions

Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun SEAM 1.0.2
+ Sun Solaris 9_x86
+ Sun Solaris 9
Sun SEAM 1.0.1
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
Sun SEAM 1.0
MIT Kerberos 5 1.3 -alpha1
MIT Kerberos 5 1.2.7
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ RedHat Linux 9.0 i386
MIT Kerberos 5 1.2.6
MIT Kerberos 5 1.2.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Wirex Immunix OS 7+
MIT Kerberos 5 1.2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
MIT Kerberos 5 1.2.3
+ Conectiva Linux 8.0
MIT Kerberos 5 1.2.2
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
MIT Kerberos 5 1.2.1
MIT Kerberos 5 1.2
MIT Kerberos 5 1.1.1
+ Red Hat Linux 6.2
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
MIT Kerberos 5 1.1
MIT Kerberos 5 1.0.6
MIT Kerberos 5 1.0

- Vulnerability discussion

A buffer underrun vulnerability has been discovered in Kerberos when handling principal names. Though precise details are not yet known, the problem likely occurs due to unexpected results when calculating static values with user-supplied values. This condition could be triggered if an attacker were to trigger a calculation causing an unexpected wrapped value to be returned.

Successful exploitation of this issue may result in an attacker gaining the ability to corrupt memory and thus execute arbitrary code on an affected Key Distribution Center (KDC) server. The exploitability of this issue to execute commands may be highly dependent on dynamic memory implementation.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Debian has released a security advisory [DSA 266-1] containing fixes for this issue.

Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.

Sun has released alert 54042 to address this issue.

The following fixes are available:


Sun Solaris 9

Sun Solaris 9_x86

Sun Solaris 8_x86

Sun Solaris 8_sparc

MIT Kerberos 5 1.0

Sun SEAM 1.0

Sun SEAM 1.0.1

Sun SEAM 1.0.2

MIT Kerberos 5 1.0.6

MIT Kerberos 5 1.1

MIT Kerberos 5 1.1.1

MIT Kerberos 5 1.2

MIT Kerberos 5 1.2.1

MIT Kerberos 5 1.2.2

MIT Kerberos 5 1.2.3

MIT Kerberos 5 1.2.4

MIT Kerberos 5 1.2.5

MIT Kerberos 5 1.2.6

MIT Kerberos 5 1.2.7

MIT Kerberos 5 1.3 -alpha1

- Related references
