Short Name |
APP:KERBEROS:BLDPRINCIPAL-VA2 |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
MIT Kerberos 5 build_principal_va Denial of Service 2 |
Release Date |
2016/01/04 |
Update Number |
2607 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against MIT Kerberos. The vulnerability occurs in build_principal_va() when a realm name containing a NULL byte is received: a buffer of only up to the NULL byte is allocated whereas the complete ASN.1 length of the realm name is used as the length of the buffer. A successful attack can result in a denial-of-service condition.
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.