Vigil@nce - MIT krb5: NULL pointer dereference via GSSAPI
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a NULL pointer to be dereferenced in the
Kerberos server process, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE, Ubuntu
Severity: 2/4
Creation date: 11/08/2014
DESCRIPTION OF THE VULNERABILITY
During a Kerberos authentication, in the protocol step named
SPNEGO, the client sends a packet containing its identity, typically
a username.
However, the Kerberos server does not check whether this username
field is valid. If it is empty, the server process tries to
dereference a NULL pointer.
An attacker can therefore force a NULL pointer to be dereferenced
in the Kerberos server process, in order to trigger a denial of
service.
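The missing check described above, as an added C sketch that is not MIT krb5 code and not part of the original bulletin: the token layout (one length byte followed by the identity bytes), every type, function and constant name, and the sample tokens are hypothetical. It contrasts a handler that trusts the decoded field with one that rejects an empty identity before using it.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical token layout for this sketch: [1-byte length][identity bytes]. */
typedef struct { const uint8_t *data; size_t len; } field_t;
enum { TOKEN_OK = 0, TOKEN_MALFORMED = -1, TOKEN_EMPTY_IDENTITY = -2 };

/* Constructed sample tokens: valid, empty identity, declared length too long. */
static const uint8_t SAMPLE_VALID[] = { 5, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t SAMPLE_EMPTY[] = { 0 };
static const uint8_t SAMPLE_TRUNC[] = { 9, 'a', 'b' };

/* Decoder: succeeds on an empty field but leaves data == NULL for it. */
static int decode_identity(const uint8_t *tok, size_t tok_len, field_t *out)
{
    out->data = NULL;
    out->len = 0;
    if (tok == NULL || tok_len < 1)
        return TOKEN_MALFORMED;
    size_t n = tok[0];
    if (n > tok_len - 1)
        return TOKEN_MALFORMED;      /* declared length exceeds the packet */
    if (n > 0) {
        out->data = tok + 1;
        out->len = n;
    }
    return TOKEN_OK;
}

/* Flawed pattern: treats "decode succeeded" as "field is present". */
int accept_unchecked(const uint8_t *tok, size_t tok_len)
{
    field_t id;
    if (decode_identity(tok, tok_len, &id) != TOKEN_OK)
        return TOKEN_MALFORMED;
    return id.data[0] != 0 ? TOKEN_OK : TOKEN_MALFORMED; /* NULL read if empty */
}

/* Hardened pattern: an empty identity becomes a protocol error, not a crash. */
int accept_checked(const uint8_t *tok, size_t tok_len)
{
    field_t id;
    int rc = decode_identity(tok, tok_len, &id);
    if (rc != TOKEN_OK)
        return rc;
    if (id.data == NULL || id.len == 0)
        return TOKEN_EMPTY_IDENTITY;
    return id.data[0] != 0 ? TOKEN_OK : TOKEN_MALFORMED;
}
```

The check belongs in the consumer as well as the decoder, because a decoder that reports success for an empty field is a common and legitimate design.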
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/MIT-krb5-NULL-pointer-dereference-via-GSSAPI-15145