FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- multiple checksum handling vulnerabilities

Affected packages
1.3.0 <= krb5 < 1.7.2
1.8.0 <= krb5 <= 1.8.3


VuXML ID 11bbccbc-03ee-11e0-bcdb-001fc61c2a55
Discovery 2010-11-30
Entry 2010-12-09

The MIT Kerberos team reports:

MIT krb5 clients incorrectly accept an unkeyed checksums in the SAM-2 preauthentication challenge.

An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism token.

MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying KRB-SAFE messages.

An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. Few application protocols use KRB-SAFE messages.


Bugtraq ID 45118
CVE Name CVE-2010-1323