The Massachusetts Institute of Technology has issued
patches to repair three serious flaws in its widely used Kerberos 5
security authentication system.
Kerberos is a common authentication system on the internet and
in operating systems and network routers.
Two of the patched flaws affect the Kerberos Key Distribution
Centre, which authenticates users.
One can be used to create a buffer overflow to enable a remote
attacker to execute malicious code, and the other can be used to
crash a system.
The third flaw, which affects Kerberos’ krb5_recvauth function,
allows an attacker to take over a system.
The bugs all affect the latest 1.4.1 version of Kerberos 5. MIT
will soon release version 1.4.2 of the solution, which will address
the vulnerabilities.
More details on the flaws are available at:
http://web.mit.edu/kerberos/advisories/index.html
