漏洞信息详情

MIT Kerberos 畸形的Kerberos消息空指针引用漏洞

• CNNVD编号：CNNVD-200803-309
• 危害等级： 超危
  
• CVE编号： CVE-2008-0062
• 漏洞类型： 数字错误
• 发布时间： 2008-03-19
• 威胁类型： 远程
• 更新时间： 2008-10-11
• 厂        商： CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
• 漏洞来源： Ken Raeburn

漏洞简介

Kerberos是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。MIT Kerberos 5（又名krb5）是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。

Kerberos 5的实现上存在两个漏洞，远程攻击者可能利用此漏洞导致拒绝服务或获取敏感信息。

如果KDC接收到了畸形的Kerberos 4消息的话，且之前没有Kerberos 4通讯，就会触发空指针引用，导致KDC崩溃。如果已有有效的Kerberos 4通讯，就会使用空指针锁定发送给客户端的消息；指针可能重新发送之前生成的响应，发送进程内存的一些任意块(其中可能包含有密钥数据)，或由于试图访问无效地址导致进程崩溃。如果进程没有崩溃的话，就会向free()传送随机地址，这可能会破坏释放池，导致崩溃、数据破坏或跳转到进程内存的任意地址。

漏洞公告

参考网址

来源: US-CERT : VU#895609

名称: VU#895609

链接:http://www.kb.cert.org/vuls/id/895609

来源: web.mit.edu

链接:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt

来源: XF

名称: krb5-kdc-code-execution(41275)

链接:http://xforce.iss.net/xforce/xfdb/41275

来源: BUGTRAQ

名称: 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc

链接:http://www.securityfocus.com/archive/1/489761

来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple

名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2008-03-18

链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2008/Mar/msg00001.HTML

来源: docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com

链接:http://docs.info.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/article.HTML?artnum=307562

来源: FEDORA

名称: FEDORA-2008-2647

链接:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.HTML

来源: FEDORA

名称: FEDORA-2008-2637

链接:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.HTML

来源: www.vmware.com

链接:http://www.vmware.com/security/advisories/VMSA-2008-0009.HTML

来源: UBUNTU

名称: USN-587-1

链接:http://www.ubuntu.com/usn/usn-587-1

来源: SECTRACK

名称: 1019626

链接:http://www.securitytracker.com/id?1019626

来源: BID

名称: 28303

链接:http://www.securityfocus.com/bid/28303

来源: BUGTRAQ

名称: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

链接:http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded

来源: BUGTRAQ

名称: 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation

链接:http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded

来源: REDHAT

名称: RHSA-2008:0182

链接:http://www.redhat.com/support/errata/RHSA-2008-0182.HTML

来源: REDHAT

名称: RHSA-2008:0181

链接:http://www.redhat.com/support/errata/RHSA-2008-0181.HTML

来源: REDHAT

名称: RHSA-2008:0180

链接:http://www.redhat.com/support/errata/RHSA-2008-0180.HTML

来源: REDHAT

名称: RHSA-2008:0164

链接:http://www.redhat.com/support/errata/RHSA-2008-0164.HTML

来源: MANDRIVA

名称: MDVSA-2008:071

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:071

来源: MANDRIVA

名称: MDVSA-2008:070

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:070

来源: MANDRIVA

名称: MDVSA-2008:069

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:069

来源: GENTOO

名称: GLSA-200803-31

链接:http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml

来源: VUPEN

名称: ADV-2008-1744

链接:http://www.frsirt.com/english/advisories/2008/1744

来源: VUPEN

名称: ADV-2008-1102

链接:http://www.frsirt.com/english/advisories/2008/1102/references

来源: VUPEN

名称: ADV-2008-0924

链接:http://www.frsirt.com/english/advisories/2008/0924/references

来源: VUPEN

名称: ADV-2008-0922

链接:http://www.frsirt.com/english/advisories/2008/0922/references

来源: DEBIAN

名称: DSA-1524

链接:http://www.debian.org/security/2008/dsa-1524

来源: CONFIRM

名称: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112

来源: CONFIRM

名称: http://wiki.rpath.com/Advisories:rPSA-2008-0112

链接:http://wiki.rpath.com/Advisories:rPSA-2008-0112

来源: CONFIRM

名称: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.HTML

链接:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.HTML

来源: CONFIRM

名称: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.HTML

链接:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.HTML

来源: SECUNIA

名称: 30535

链接:http://secunia.com/advisories/30535

来源: SECUNIA

名称: 29663

链接:http://secunia.com/advisories/29663

来源: SECUNIA

名称: 29516

链接:http://secunia.com/advisories/29516

来源: SECUNIA

名称: 29464

链接:http://secunia.com/advisories/29464

来源: SECUNIA

名称: 29462

链接:http://secunia.com/advisories/29462

来源: SECUNIA

名称: 29457

链接:http://secunia.com/advisories/29457

来源: SECUNIA

名称: 29451

链接:http://secunia.com/advisories/29451

来源: SECUNIA

名称: 29450

链接:http://secunia.com/advisories/29450

受影响实体

• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.5.2  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x_server:10.4.11  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.5.2  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.4.11  

补丁

暂无