Critical vuln in MIT Kerberos implementation


This isn't something that is in line with my day-to-day work; however, it may affect many organizations, so I've decided to add my blog to the list of sites which will duplicate this information.

Secunia has reported a critical vulnerability in the MIT Kerberos implementation which can result in remote code execution, DoS or information exposure. I will not cover the details, as it is all described in the Secunia advisory. CERT has also covered this in their bulletin.

As far as I know, the Microsoft Windows Server Kerberos implementation is not based on MIT and isn't affected. I think that this will be reflected in the CERT information soon.

However, MIT Kerberos is widely used in various Linux/Unix systems, Mac OS X and products like Centrify, so you may want to check whether any of your systems is affected by this.

While we are in the Kerberos neighborhood – when I was reading through Jackson Shaw's blog I found information about the establishment of the MIT Kerberos Consortium. Microsoft has also joined this organization. We will see in the future whether this brings something to us as Kerberos users. Hopefully we will see something …