Kerberos closes security holes

The Massachusetts Institute of Technology has issued patches to repair three serious flaws in its widely used Kerberos 5 security authentication system.

Kerberos is a common authentication system on the internet and in operating systems and network routers.

Two of the patched flaws affect the Kerberos Key Distribution Centre, which authenticates users. 

One can be used to create a buffer overflow to enable a remote attacker to execute malicious code, and the other can be used to crash a system.

The third flaw, which affects Kerberos’ krb5_recvauth function, allows an attacker to take over a system.

All three bugs affect version 1.4.1, the latest release of Kerberos 5. MIT will soon release version 1.4.2, which will address the vulnerabilities.

More details on the flaws are available at:

http://web.mit.edu/kerberos/advisories/index.html
