FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- ASN.1 decoder denial-of-service vulnerability

Affected packages
1.2.2 <= krb5 <= 1.3.4

Details

VuXML ID: bd60922b-fb8d-11d8-a13e-000a95bc6fae
Discovery: 2004-08-31
Entry: 2004-08-31

An advisory published by the MIT Kerberos team says:

The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.

An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop.

An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop.

References

CERT/CC Vulnerability Note: 550464
CVE Name: CVE-2004-0644
URL: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-003-asn1.txt