漏洞信息详情
MIT Kerberos 畸形的Kerberos消息空指针引用漏洞
- CNNVD编号:CNNVD-200803-309
- 危害等级: 超危
- CVE编号: CVE-2008-0062
- 漏洞类型: 数字错误
- 发布时间: 2008-03-19
- 威胁类型: 远程
- 更新时间: 2008-10-11
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源: Ken Raeburn
漏洞简介
Kerberos是美国麻省理工学院(MIT)开发的一套网络认证协议,它采用客户端/服务器结构,并且客户端和服务器端均可对对方进行身份认证(即双重验证),可防止窃听、防止replay攻击等。MIT Kerberos 5(又名krb5)是美国麻省理工学院(MIT)开发的一套网络认证协议,它采用客户端/服务器结构,并且客户端和服务器端均可对对方进行身份认证(即双重验证),可防止窃听、防止replay攻击等。
Kerberos 5的实现上存在两个漏洞,远程攻击者可能利用此漏洞导致拒绝服务或获取敏感信息。
如果KDC接收到了畸形的Kerberos 4消息的话,且之前没有Kerberos 4通讯,就会触发空指针引用,导致KDC崩溃。如果已有有效的Kerberos 4通讯,就会使用空指针锁定发送给客户端的消息;指针可能重新发送之前生成的响应,发送进程内存的一些任意块(其中可能包含有密钥数据),或由于试图访问无效地址导致进程崩溃。如果进程没有崩溃的话,就会向free()传送随机地址,这可能会破坏释放池,导致崩溃、数据破坏或跳转到进程内存的任意地址。
漏洞公告
参考网址
来源: US-CERT : VU#895609
名称: VU#895609
链接:http://www.kb.cert.org/vuls/id/895609
来源: web.mit.edu
链接:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
来源: XF
名称: krb5-kdc-code-execution(41275)
链接:http://xforce.iss.net/xforce/xfdb/41275
来源: BUGTRAQ
名称: 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc
链接:http://www.securityfocus.com/archive/1/489761
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2008-03-18
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2008/Mar/msg00001.HTML
来源: docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com
链接:http://docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/article.HTML?artnum=307562
来源: FEDORA
名称: FEDORA-2008-2647
链接:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.HTML
来源: FEDORA
名称: FEDORA-2008-2637
链接:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.HTML
来源: www.vmware.com
链接:http://www.vmware.com/security/advisories/VMSA-2008-0009.HTML
来源: UBUNTU
名称: USN-587-1
链接:http://www.ubuntu.com/usn/usn-587-1
来源: SECTRACK
名称: 1019626
链接:http://www.securitytracker.com/id?1019626
来源: BID
名称: 28303
链接:http://www.securityfocus.com/bid/28303
来源: BUGTRAQ
名称: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
链接:http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded
来源: BUGTRAQ
名称: 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
链接:http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
来源: REDHAT
名称: RHSA-2008:0182
链接:http://www.redhat.com/support/errata/RHSA-2008-0182.HTML
来源: REDHAT
名称: RHSA-2008:0181
链接:http://www.redhat.com/support/errata/RHSA-2008-0181.HTML
来源: REDHAT
名称: RHSA-2008:0180
链接:http://www.redhat.com/support/errata/RHSA-2008-0180.HTML
来源: REDHAT
名称: RHSA-2008:0164
链接:http://www.redhat.com/support/errata/RHSA-2008-0164.HTML
来源: MANDRIVA
名称: MDVSA-2008:071
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
来源: MANDRIVA
名称: MDVSA-2008:070
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
来源: MANDRIVA
名称: MDVSA-2008:069
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
来源: GENTOO
名称: GLSA-200803-31
链接:http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
来源: VUPEN
名称: ADV-2008-1744
链接:http://www.frsirt.com/english/advisories/2008/1744
来源: VUPEN
名称: ADV-2008-1102
链接:http://www.frsirt.com/english/advisories/2008/1102/references
来源: VUPEN
名称: ADV-2008-0924
链接:http://www.frsirt.com/english/advisories/2008/0924/references
来源: VUPEN
名称: ADV-2008-0922
链接:http://www.frsirt.com/english/advisories/2008/0922/references
来源: DEBIAN
名称: DSA-1524
链接:http://www.debian.org/security/2008/dsa-1524
来源: CONFIRM
名称: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
来源: CONFIRM
名称: http://wiki.rpath.com/Advisories:rPSA-2008-0112
链接:http://wiki.rpath.com/Advisories:rPSA-2008-0112
来源: CONFIRM
名称: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.HTML
链接:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.HTML
来源: CONFIRM
名称: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.HTML
链接:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.HTML
来源: SECUNIA
名称: 30535
链接:http://secunia.com/advisories/30535
来源: SECUNIA
名称: 29663
链接:http://secunia.com/advisories/29663
来源: SECUNIA
名称: 29516
链接:http://secunia.com/advisories/29516
来源: SECUNIA
名称: 29464
链接:http://secunia.com/advisories/29464
来源: SECUNIA
名称: 29462
链接:http://secunia.com/advisories/29462
来源: SECUNIA
名称: 29457
链接:http://secunia.com/advisories/29457
来源: SECUNIA
名称: 29451
链接:http://secunia.com/advisories/29451
来源: SECUNIA
名称: 29450
链接:http://secunia.com/advisories/29450
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.5.2
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.4.11
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.5.2
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.4.11
补丁
暂无
评论