December 11, 2000

Kerberos 4 buffer overflow vulnerability

Author: JT Smith

"When a service using KTH Kerberos 4 recieves a response from a Kerberos server during the authentication process, it performs a memory copy of data contained within the packet to a buffer of predefined size on the process' stack. It may be possible for an attacker to exploit this and gain root access on the host running the Kerberos-enabled service in the traditional buffer overflow manner." Full details at


  • Linux
Click Here!