ID CVE-2004-0644
Summary The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
References
Vulnerable Configurations
  • MIT Kerberos 5 1.2.2
    cpe:2.3:a:mit:kerberos:5-1.2.2
  • MIT Kerberos 5 1.2.3
    cpe:2.3:a:mit:kerberos:5-1.2.3
  • MIT Kerberos 5 1.2.4
    cpe:2.3:a:mit:kerberos:5-1.2.4
  • MIT Kerberos 5 1.2.5
    cpe:2.3:a:mit:kerberos:5-1.2.5
  • MIT Kerberos 5 1.2.6
    cpe:2.3:a:mit:kerberos:5-1.2.6
  • MIT Kerberos 5 1.2.7
    cpe:2.3:a:mit:kerberos:5-1.2.7
  • MIT Kerberos 5 1.2.8
    cpe:2.3:a:mit:kerberos:5-1.2.8
  • MIT Kerberos 5 1.3
    cpe:2.3:a:mit:kerberos:5-1.3
  • MIT Kerberos 5 1.3 alpha1
    cpe:2.3:a:mit:kerberos:5-1.3:alpha1
  • MIT Kerberos 5 1.3.1
    cpe:2.3:a:mit:kerberos:5-1.3.1
  • MIT Kerberos 5 1.3.2
    cpe:2.3:a:mit:kerberos:5-1.3.2
  • MIT Kerberos 5 1.3.3
    cpe:2.3:a:mit:kerberos:5-1.3.3
  • MIT Kerberos 5 1.3.4
    cpe:2.3:a:mit:kerberos:5-1.3.4
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Misc.
    NASL id KERBEROS5_ISSUES.NASL
    description The remote host is running Kerberos 5. There are multiple flaws that affect this product. Make sure you are running the latest version with the latest patches. Note that Nessus could not check for any of the flaws and solely relied on the presence of the service to issue an alert, so this might be a false positive.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 11512
    published 2003-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11512
    title Kerberos 5 < 1.3.5 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_KRB5_134.NASL
    description The following package needs to be updated: krb5
    last seen 2016-09-26
    modified 2004-09-01
    plugin id 14594
    published 2004-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14594
    title FreeBSD : krb5 -- ASN.1 decoder denial-of-service vulnerability (86)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-448.NASL
    description Updated Kerberos (krb5) packages that correct double-free and ASN.1 parsing bugs are now available for Red Hat Enterprise Linux. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0642 and CVE-2004-0643 to these issues. A double-free bug was also found in the krb524 server (CVE-2004-0772), however this issue was fixed for Red Hat Enterprise Linux 2.1 users by a previous erratum, RHSA-2003:052. An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0644 to this issue. All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14596
    published 2004-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14596
    title RHEL 2.1 : krb5 (RHSA-2004:448)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BD60922BFB8D11D8A13E000A95BC6FAE.NASL
    description An advisory published by the MIT Kerberos team says: The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop. An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36731
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36731
    title FreeBSD : krb5 -- ASN.1 decoder denial-of-service vulnerability (bd60922b-fb8d-11d8-a13e-000a95bc6fae)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-543.NASL
    description The MIT Kerberos Development Team has discovered a number of vulnerabilities in the MIT Kerberos Version 5 software. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
      - CAN-2004-0642 [VU#795632] A double-free error may allow unauthenticated remote attackers to execute arbitrary code on KDC or clients.
      - CAN-2004-0643 [VU#866472] Several double-free errors may allow authenticated attackers to execute arbitrary code on Kerberos application servers.
      - CAN-2004-0644 [VU#550464] A remotely exploitable denial of service vulnerability has been found in the KDC and libraries.
      - CAN-2004-0772 [VU#350792] Several double-free errors may allow remote attackers to execute arbitrary code on the server. This does not affect the version in woody.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15380
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15380
    title Debian DSA-543-1 : krb5 - several vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200409-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200409-09 (MIT krb5: Multiple vulnerabilities).
      The implementation of the Key Distribution Center (KDC) and the MIT krb5 library contain double-free vulnerabilities, making client programs as well as application servers vulnerable. The ASN.1 decoder library is vulnerable to a denial of service attack, including the KDC.
      Impact: The double-free vulnerabilities could allow an attacker to execute arbitrary code on a KDC host and hosts running krb524d or vulnerable services. In the case of a KDC host, this can lead to a compromise of the entire Kerberos realm. Furthermore, an attacker impersonating a legitimate KDC or application server can potentially execute arbitrary code on authenticating clients. An attacker can cause a denial of service for a KDC or application server and clients, the latter if impersonating a legitimate KDC or application server.
      Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 14666
    published 2004-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14666
    title GLSA-200409-09 : MIT krb5: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-350.NASL
    description Updated krb5 packages that improve client responsiveness and fix several security issues are now available for Red Hat Enterprise Linux 3. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. Several double-free bugs were found in the Kerberos 5 KDC and libraries. A remote attacker could potentially exploit these flaws to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0642 and CVE-2004-0643 to these issues. A double-free bug was also found in the krb524 server (CVE-2004-0772), however this issue does not affect Red Hat Enterprise Linux 3 Kerberos packages. An infinite loop bug was found in the Kerberos 5 ASN.1 decoder library. A remote attacker may be able to trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0644 to this issue. When attempting to contact a KDC, the Kerberos libraries will iterate through the list of configured servers, attempting to contact each in turn. If one of the servers becomes unresponsive, the client will time out and contact the next configured server. When the library attempts to contact the next KDC, the entire process is repeated. For applications which must contact a KDC several times, the accumulated time spent waiting can become significant. This update modifies the libraries, notes which server for a given realm last responded to a request, and attempts to contact that server first before contacting any of the other configured servers. All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14595
    published 2004-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14595
    title RHEL 3 : krb5 (RHSA-2004:350)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-088.NASL
    description A double-free vulnerability exists in the MIT Kerberos 5's KDC program that could potentially allow a remote attacker to execute arbitrary code on the KDC host. As well, multiple double-free vulnerabilities exist in the krb5 library code, which makes client programs and application servers vulnerable. The MIT Kerberos 5 development team believes that exploitation of these bugs would be difficult and no known vulnerabilities are believed to exist. The vulnerability in krb524d was discovered by Marc Horowitz; the other double-free vulnerabilities were discovered by Will Fiveash and Nico Williams at Sun. Will Fiveash and Nico Williams also found another vulnerability in the ASN.1 decoder library. This makes krb5 vulnerable to a DoS (Denial of Service) attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. The MIT Kerberos 5 team has provided patches which have been applied to the updated software to fix these issues. Mandrakesoft encourages all users to upgrade immediately.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14673
    published 2004-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14673
    title Mandrake Linux Security Advisory : krb5 (MDKSA-2004:088)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20041202.NASL
    description The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs: Apache, Apache2, AppKit, Cyrus IMAP, HIToolbox, Kerberos, Postfix, PSNormalizer, QuickTime Streaming Server, Safari, Terminal. These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 15898
    published 2004-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15898
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
oval via4
  • accepted 2013-04-29T04:00:21.491-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
    family unix
    id oval:org.mitre.oval:def:10014
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
    version 23
  • accepted 2005-02-23T09:25:00.000-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    description The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
    family unix
    id oval:org.mitre.oval:def:2139
    status accepted
    submitted 2004-10-12T12:00:00.000-04:00
    title Kerberos 5 ASN.1 Library DoS
    version 31
redhat via4
  advisories
    rhsa
      id RHSA-2004:350
refmap via4
bid 11079
bugtraq 20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)
cert TA04-247A
cert-vn VU#550464
conectiva CLA-2004:860
confirm http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-003-asn1.txt
debian DSA-543
gentoo GLSA-200409-09
trustix 2004-0045
xf kerberos-asn1-library-dos(17160)
Last major update 17-10-2016 - 22:47
Published 28-09-2004 - 00:00
Last modified 10-10-2017 - 21:29