General discussion

Locked

Kerberos under Attack ? maybe..

By fazmin.nizam ·
We all know The Kerberos authentication protocol is intended to make networks more secure, Recently I read or someone told me that, a security hole in the mod_auth_kerb Apache module has made Kerberos prone to attacks. Attackers could used specially prepared Kerberos queries to crash web servers with version 5.0, 5.1 installed, the attacker might also be able plant and execute arbitrary code. Still not clear although other versions of the module may also potentially be affected. Anyone have more information regarding this please share

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Not so much

by nofxforever In reply to Kerberos under Attack ? m ...

There has recently been a problem identified with the module
NV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5989
Secunia
http://secunia.com/advisories/23023
This allowed for a DoS attack, yes crashing the servers. However, attacks of any measure are almost common and this one is no different then 10 or 20 I could name in IIS or the actual Apache server.

Also it seems to have been patched in cvs so now it is no longer a concern. However, there is a stack based buffer overflow chance, however, there seems to be no good exploits for this.
This was given a fairly low rating by both services, and I would just recommending updating your software.

Back to Networks Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums