Kerberos - Kritická chyba umož?uje ovládnout systém
02.09.2004The Massachusetts Institute of Technology (MIT) reports several vulnerabilities in its Kerberos 5 authentication system. The flaws include double-free vulnerabilities in the Key Distribution Center (KDC) and several code libraries, as well as a flaw in the ASN.1 (abstract syntax notation one) decode library which could allow an attacker to deny service by tricking the decoder into an infinite loop. The double-free vulnerabilities attempt to free an already free memory buffer, possibly allowing attackers to execute code and take over a system. The double-free flaws in the KDC clean-up code and in krb524dcan be exploited by unauthenticated users. Other double-free flaws can only be exploited by authenticated attackers. Secunia rates the flaws as "highly critical." MIT says the double-free flaws require a sophisticated attack and have no known exploits, but an exploit for the ASN.1 flaw would be trivial to devise.
Zdroj: http://www.infoworld.com/article/04/09/01/HNkerberoshole_1.htmlAutor: VK
Heuristické vyhledání souvisejících článků v archívu NEWS
Pozor - není zdaleka přesné a výsledek je bez záruky...
Chcete-li článek obsahující konkrétní termín - pou·ijte funkci
vyhledávání !