Short Name |
APP:KERBEROS:KPASSWD-UDP-DOS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
MIT Kerberos 5 kpasswd UDP Ping-Pong Denial Of Service |
Release Date |
2013/07/23 |
Update Number |
2283 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known flaw in the MIT Kerberos 5 kadmind server. MIT Kerberos 5 kadmind server is vulnerable to a denial-of-service vulnerability. The kadmind server responds to a malformed kpasswd UDP request packet with a kpasswd UDP reply packet which can be exploited to exhaust CPU and network resources with "ping-pong" UDP attack on port 464. A remote attacker may cause a denial-of-service vulnerability by sending a malformed spoofed packet to multiple machines running the vulnerable service.
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.