Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference Vulnerability

Subscribe

Check Point Reference: CPAI-2009-096
Date Published:
Preemptive Since:
Severity:
Source: Secunia Advisory: SA34347
Industry Reference(s): CVE-2009-0846
Protection Provided by: Security Gateway
  • R70
VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
VSX
  • NGX R65
InterSpect
  • NGX
Who is Vulnerable?
MIT Kerberos prior to krb5-1.6.4

Other products embedding the vulnerable product:

Red Hat RHEL Desktop Workstation 5 client
Red Hat Enterprise Linux 5 server
Red Hat Enterprise Linux Desktop 5 client

Sun Microsystems Solaris 10
Sun Microsystems Solaris 9
Sun Microsystems Sun Enterprise Authentication Mechanism 1.0.1
Sun Microsystems OpenSolaris
Vulnerability Description
A memory corruption vulnerability has been discovered in the MIT Kerberos server. MIT Kerberos V5 is an implementation of the Kerberos protocol that allows for the negotiation of an authenticated, and optionally encrypted, communication channel between two points on a network. The MIT Kerberos V5 server utilizes the encrypted SUN-RPC protocol to communicate with its remote clients. A remote attacker may exploit this issue to execute arbitrary code on an affected system or to create a denial of service condition.
Update/Patch Available
Apply patches:
Patch1
Patch2
Vulnerability Details
The vulnerability is due to a memory corruption error in the MIT Kerberos server due to the release of an uninitialized pointer in the ASN.1 decoder while decoding maliciously crafted data. A remote attacker may exploit this vulnerability via a specially crafted RPC request sent to the kadmind daemon. Successful exploitation may create a denial of service condition, causing the Kerberos kadmind service to terminate abnormally, and may allow execution of arbitrary code on the target system.

Protection Overview
This protection will detect and block malformed RPC requests sent to the vulnerable server.

In order for the protection to be activated, update your Security Gateway/VPN-1/InterSpect product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
MIT Kerberos

Security Gateway R70

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > SUN-RPC.
2. In the right pane, double-click the MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SUN-RPC Enforcement Protection
Attack Information: MIT Kerberos ASN.1 asn1_decode_generaltime uninitialized pointer reference

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > SUN-RPC > MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SUN-RPC Enforcement Protection
Attack Information: MIT Kerberos ASN.1 asn1_decode_generaltime uninitialized pointer reference

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > SUN-RPC.
2. Select the following:

MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SUN-RPC Enforcement Protection
Attack Information: MIT Kerberos ASN.1 asn1_decode_generaltime uninitialized pointer reference

VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > SUN-RPC > MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference.
2. In the configuration pane, under Settings > Mode, check Active.
3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SUN-RPC Enforcement Protection
Attack Information: MIT Kerberos ASN.1 asn1_decode_generaltime uninitialized pointer reference

InterSpect NGX

How Can I Protect My Network?
1. In the left pane, select Profiles > Default Protection and select the SmartDefense page of the profile.
2. In the SmartDefense tree, click Application Intelligence > UNIX-RPC.
3. Select the following protection:

MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: SUN-RPC Enforcement Protection
Attack Information: MIT Kerberos ASN.1 asn1_decode_generaltime uninitialized pointer reference