MIT Kerberos 5 integer overflows
Published:		17.01.2010
Source:		BUGTRAQ
SecurityVulns ID:		10517
Type:		remote
Level:		6/10
Description:		Integer overflows on RC4 and AES decription.

Affected:		MIT : krb5 1.6
		MIT : krb5 1.7
CVE:		CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.)

Original document

MIT, MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption (17.01.2010)

Discuss:

Read or add your comments to this news (0 comments)