SYNTHESIS OF THE VULNERABILITY

An attacker can use a SPNEGO authentication in order to stop MIT Kerberos.

Severity: 2/4

Consequences: denial of service of service

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 26/03/2009

IMPACTED PRODUCTS
 Mandriva Linux
 Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The SPNEGO (Simple and Protected GSSAPI NEGOtiation Mechanism, RFC 4178) mechanism is used to negotiate an authentication protocol. The MIT Kerberos server implements SPNEGO.

Two token types are defined: negTokenInit and negTokenResp. The NegTokenInit token contains a bit field named ContextFlags.

When the Kerberos client sends a NegTokenInit with an invalid ContextFlags flag, a NULL pointer is dereferenced in the spnego_gss_accept_sec_context() function of the lib/gssapi/spnego/spnego_mech.c file. This error stops the MIT Kerberos server.

An attacker can therefore use a malicious SPNEGO authentication in order to stop MIT Kerberos.

CHARACTERISTICS

Identifiers: BID-34257, CVE-2009-0845, MDVSA-2009:082, VIGILANCE-VUL-8568

http://vigilance.fr/vulnerability/MIT-Kerberos-denial-of-service-via-SPNEGO-8568