Vigil@nce - MIT krb5: denial of service of kadmind in schpw
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious password change query to MIT krb5
kadmind, in order to stop it.
Severity: 2/4
Creation date: 12/04/2011
Revision date: 14/04/2011
IMPACTED PRODUCTS
– MIT krb5
– OpenSUSE
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The MIT krb5 kadmind service listens on port 749.
The process_chpw_request() function of the
src/kadmin/server/schpw.c file processes password change queries.
However, when kadmind receives a malformed query, a pointer is not
initialized, and an invalid memory free occurs.
An attacker can therefore send a malicious password change query
to MIT krb5 kadmind, in order to stop it.
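The bug class described above (a pointer with no initial value reaching free() on an error path), shown as an added example that is not taken from the bulletin or from MIT krb5's schpw.c. The request framing and the functions handle_request() and handle_request_vulnerable() are hypothetical; the second form initializes the pointer to NULL so that cleanup is safe for malformed input.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed framing for illustration, not the kpasswd wire format:
 * 2-byte big-endian total length, 2-byte version, then payload. */
#define HDR_LEN ((size_t)4)
#define EXPECTED_VERSION 1

#ifdef SHOW_VULNERABLE_PATTERN   /* not compiled by default */
/* Vulnerable shape: 'payload' has no initial value, so a request that
 * fails the first check reaches free() with stack garbage. */
int handle_request_vulnerable(const uint8_t *req, size_t len)
{
    uint8_t *payload;                     /* BUG: uninitialized */
    int ret = -1;
    if (len < HDR_LEN)
        goto cleanup;                     /* early exit on malformed input */
    payload = malloc(len - HDR_LEN + 1);
    if (payload != NULL) {
        memcpy(payload, req + HDR_LEN, len - HDR_LEN);
        ret = 0;
    }
cleanup:
    free(payload);                        /* invalid free on the early exit */
    return ret;
}
#endif

/* Hardened shape: the pointer starts as NULL, so every exit path frees
 * either NULL (a defined no-op) or a live allocation. */
int handle_request(const uint8_t *req, size_t len, size_t *payload_len)
{
    uint8_t *payload = NULL;
    int ret = -1;
    *payload_len = 0;
    if (req == NULL || len < HDR_LEN ||
        (((size_t)req[0] << 8) | req[1]) != len ||
        ((req[2] << 8) | req[3]) != EXPECTED_VERSION)
        goto cleanup;                     /* malformed: nothing allocated yet */
    payload = malloc(len - HDR_LEN + 1);  /* +1 avoids malloc(0) */
    if (payload == NULL)
        goto cleanup;
    memcpy(payload, req + HDR_LEN, len - HDR_LEN);
    *payload_len = len - HDR_LEN;
    ret = 0;                              /* real processing would go here */
cleanup:
    free(payload);
    return ret;
}
```

Building with -DSHOW_VULNERABLE_PATTERN and -Wall lets the compiler or a sanitizer flag the uninitialized use in the first function.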
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/MIT-krb5-denial-of-service-of-kadmind-in-schpw-10539