Vigil@nce - MIT krb5: buffer overflow via libkrad
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a buffer overflow in libkrad of MIT krb5,
in order to cause a denial of service, and possibly to run
code.
Impacted products: Fedora, MIT krb5.
Severity: 2/4.
Creation date: 28/06/2016.
Revision date: 26/07/2016.
DESCRIPTION OF THE VULNERABILITY
The MIT krb5 product uses libkrad to interact with RADIUS.
However, if the size of the data is greater than the size of the
storage array, an overflow occurs in the on_io_read() function of
the src/lib/krad/remote.c file.
An attacker can therefore trigger a buffer overflow in libkrad
of MIT krb5, in order to cause a denial of service, and possibly
to run code.
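The condition described above (data larger than the storage array) is avoided by bounding every copy by what the current packet still needs. The following is an added example, not the libkrad source or its fix; it applies that pattern to RADIUS framing as defined in RFC 2865, and the names struct rbuf, radius_bytes_needed and rbuf_feed are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RADIUS_HDR_LEN 20   /* RFC 2865 header: code, id, length, authenticator */
#define RADIUS_MAX_LEN 4096 /* RFC 2865 maximum packet length */

/* Hypothetical receive buffer: fixed storage array plus fill level. */
struct rbuf { uint8_t data[RADIUS_MAX_LEN]; size_t len; };

/* Bytes still missing from the packet in b: 0 when complete, -1 when the
 * declared length is invalid or the fill level is inconsistent with it. */
long radius_bytes_needed(const struct rbuf *b)
{
    size_t declared;
    if (b->len < RADIUS_HDR_LEN)
        return (long)(RADIUS_HDR_LEN - b->len);
    declared = ((size_t)b->data[2] << 8) | b->data[3]; /* big-endian length */
    if (declared < RADIUS_HDR_LEN || declared > sizeof(b->data) || b->len > declared)
        return -1;
    return (long)(declared - b->len);
}

/* Feed bytes read from a stream socket. Copies only what the current packet
 * still needs, so the write can never pass the end of data[].
 * Returns the number of bytes consumed, or -1 to reject the stream. */
long rbuf_feed(struct rbuf *b, const uint8_t *chunk, size_t n)
{
    size_t used = 0;
    long need;
    while ((need = radius_bytes_needed(b)) > 0 && used < n) {
        size_t take = n - used;
        if (take > (size_t)need)
            take = (size_t)need;
        memcpy(b->data + b->len, chunk + used, take);
        b->len += take;
        used += take;
    }
    return need < 0 ? -1 : (long)used;
}

int main(void)
{
    /* Constructed input: a header declaring 0xFFFF bytes, more than data[] holds. */
    uint8_t bad[RADIUS_HDR_LEN] = { 1, 7, 0xFF, 0xFF };
    static struct rbuf b;
    return rbuf_feed(&b, bad, sizeof(bad)) == -1 ? 0 : 1;
}
```

A caller that gets -1 should close the connection rather than continue reading into the same buffer.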
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/MIT-krb5-buffer-overflow-via-libkrad-19992