13 lines
No EOL
617 B
Text
13 lines
No EOL
617 B
Text
source: https://www.securityfocus.com/bid/39599/info
|
|
|
|
MIT Kerberos is prone to a remote memory-corruption vulnerability.
|
|
|
|
An authenticated attacker can exploit this issue by sending specially crafted ticket-renewal requests to a vulnerable computer.
|
|
|
|
Successfully exploiting this issue can allow the attacker to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service condition.
|
|
|
|
The following proof-of-concept command is available:
|
|
|
|
% kinit -R
|
|
|
|
We currently are unaware of any exploits that result in code-execution. |