Security Update: KDC and kadmin stack overflow in krb5_klog_syslog

  • 3618705
  • 03-Apr-2007
  • 27-Apr-2012

Environment

Novell KDC (Key Distribution Center) 1.0

Situation

An authenticated user may be able to execute arbitrary code on a host running kadmind.

An authenticated user may be able to execute arbitrary code on KDC host.  Also, a user controlling a Kerberos realm sharing a key with the target realm may be able to execute arbitrary code on a KDC host.

Successful exploitation can compromise the Kerberos key database and host security on the host running these programs.  (kadmin and the KDC typically runs as root.) 
Unsuccessful exploitation attempts will likely result in the affected program crashing.

Resolution

Apply Novell Kerberos KDC 1.0.2 or newer available at https://download.novell.com

Status

Security Alert

Additional Information

Feedback service temporarily unavailable. For content questions or problems, please contact Support.