Closed as program error.
The MIT krb5 Key Distribution Center (KDC) implementation can corrupt the heap by attempting to free memory at a random address when it receives a certain unlikely (but valid) request via a TCP connection. This attempt to free unallocated memory can result in a KDC crash and consequent denial of service. [CAN-2005-1174, VU#259798]. Additionally, the same request, when received by the KDC via either TCP or UDP, can trigger a bug in the krb5 library which results in a single-byte overflow of a heap buffer. Application servers are vulnerable to a highly improbable attack, provided that the attacker controls a realm sharing a cross-realm key with the target realm. [CAN-2005-1175, VU#885830]. An unauthenticated attacker may be able to use these vulnerabilities to execute arbitrary code on the KDC host, potentially compromising an entire Kerberos realm. No exploit code is known to exist at this time. Exploitation of these vulnerabilities is believed to be difficult.
WORKAROUNDS: Disabling TCP support in the KDC avoids one vulnerability [CAN-2005-1174]. The single-byte overflow [CAN-2005-1175] is still possible even without KDC TCP support enabled. Running the KDC from init or from some similar automatic respawning facility may reduce the durations of denials of service, but this approach may make it difficult to detect deliberate attacks targeted at code execution.
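One way to verify the first workaround against a KDC's own configuration, as an added example that is not part of this APAR or of the MIT krb5 or IBM DCE code: it assumes the MIT krb5 kdc.conf syntax and its kdc_tcp_ports relation, which is where that KDC's TCP listeners are configured (IBM DCE's configuration may differ), and the sample configurations are constructed. A relation that is absent is reported as "unset" rather than as disabled, because the effective behaviour then depends on the release's compiled-in default. As the text notes, this check covers only the TCP-dependent flaw; the single-byte overflow is reachable over UDP regardless of this setting.

```python
"""Report whether a kdc.conf enables KDC TCP listeners (CAN-2005-1174 workaround check).

Added example, not code from the APAR, MIT krb5 or IBM DCE. Assumes the
MIT krb5 kdc.conf syntax ([kdcdefaults] plus per-realm blocks under
[realms]) and the kdc_tcp_ports relation; sample configs are constructed.
"""
import re


def parse_kdc_conf(text):
    """Parse krb5.conf-style text into {section: {key: value or nested dict}}."""
    sections = {}
    current = None
    stack = []  # open nested blocks, e.g. a realm under [realms]
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        m = re.match(r'^\[(\w+)\]$', line)
        if m:  # new section header
            current = sections.setdefault(m.group(1), {})
            stack = []
            continue
        if current is None:
            continue
        if line == '}':  # close the innermost nested block
            stack.pop()
            continue
        target = stack[-1] if stack else current
        m = re.match(r'^(\S+)\s*=\s*\{$', line)
        if m:  # open a nested block such as  EXAMPLE.COM = {
            block = target.setdefault(m.group(1), {})
            stack.append(block)
            continue
        m = re.match(r'^(\S+)\s*=\s*(.*)$', line)
        if m:  # plain relation; an empty right-hand side is kept as ''
            target[m.group(1)] = m.group(2).strip()
    return sections


def _split_ports(value):
    return [p for p in re.split(r'[\s,]+', value) if p]


def tcp_ports(conf):
    """Return {'kdcdefaults' or realm name: [ports]} for every kdc_tcp_ports relation."""
    found = {}
    defaults = conf.get('kdcdefaults', {})
    if 'kdc_tcp_ports' in defaults:
        found['kdcdefaults'] = _split_ports(defaults['kdc_tcp_ports'])
    for realm, settings in conf.get('realms', {}).items():
        if isinstance(settings, dict) and 'kdc_tcp_ports' in settings:
            found[realm] = _split_ports(settings['kdc_tcp_ports'])
    return found


def kdc_tcp_status(text):
    """'enabled' if any kdc_tcp_ports lists a port, 'disabled' if every
    occurrence is empty, 'unset' if the relation never appears (release default applies)."""
    ports = tcp_ports(parse_kdc_conf(text))
    if not ports:
        return 'unset'
    if any(ports.values()):
        return 'enabled'
    return 'disabled'


# Constructed sample: TCP listeners enabled globally and for one realm.
SAMPLE_TCP_ON = """
[kdcdefaults]
    kdc_ports = 88,750
    kdc_tcp_ports = 88

[realms]
    EXAMPLE.COM = {
        database_name = /var/krb5kdc/principal
        kdc_tcp_ports = 88, 750
    }
"""

# Constructed sample: the relation is present but empty, so TCP is off.
SAMPLE_TCP_OFF = """
[kdcdefaults]
    kdc_ports = 88
    kdc_tcp_ports =

[realms]
    EXAMPLE.COM = {
        database_name = /var/krb5kdc/principal
    }
"""

if __name__ == '__main__':
    for name, sample in (('tcp_on', SAMPLE_TCP_ON), ('tcp_off', SAMPLE_TCP_OFF)):
        print(name, kdc_tcp_status(sample), tcp_ports(parse_kdc_conf(sample)))
```

Run it against the real file with `kdc_tcp_status(open('/path/to/kdc.conf').read())`; a result of "enabled" means the TCP-dependent issue is still reachable, and "unset" means the release default, not the file, decides.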
Security flaw due to buffer overrun in krb library in KDC
Problem fixed by code change
Reported component name
IBM DCE V3.2 AI
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
IBM DCE V3.2 AI
Fixed component ID
Applicable component levels