• všechny e-ziny od 9/1999
  • celou databázi NEWS
  • soutěže 2000-2011
  • další články a BONUSY

Crypto - News


Crypto - News | Security - News

09 / 2004
Vybrali pro vás: TR - Tomáš Rosa, JP - Jaroslav Pinkava, PV - Pavel Vondruška, VK - Vlastimil Klíma

Kerberos - Kritická chyba umož?uje ovládnout systém

The Massachusetts Institute of Technology (MIT) reports several vulnerabilities in its Kerberos 5 authentication system. The flaws include double-free vulnerabilities in the Key Distribution Center (KDC) and several code libraries, as well as a flaw in the ASN.1 (abstract syntax notation one) decode library which could allow an attacker to deny service by tricking the decoder into an infinite loop. The double-free vulnerabilities attempt to free an already free memory buffer, possibly allowing attackers to execute code and take over a system. The double-free flaws in the KDC clean-up code and in krb524dcan be exploited by unauthenticated users. Other double-free flaws can only be exploited by authenticated attackers. Secunia rates the flaws as "highly critical." MIT says the double-free flaws require a sophisticated attack and have no known exploits, but an exploit for the ASN.1 flaw would be trivial to devise.
Zdroj: http://www.infoworld.com/article/04/09/01/HNkerberoshole_1.html
Autor: VK

<<- novější - Kolize hashovacích funkcí - FAQ
Design: Webdesign