Check Point Advisories

Microsoft Active Directory-MIT Kerberos Null Pointer Dereference (MS10-014; CVE-2010-0035)

Check Point Reference: CPAI-2010-030
Date Published: 9 Feb 2010
Severity: Critical
Last Updated: Monday 16 July, 2012
Source:
Industry Reference: CVE-2010-0035
Protection Provided by:

Security Gateway
R81, R80, R77, R75, R71, R70, R65

Who is Vulnerable?
Vulnerability Description

The Kerberos protocol is used to mutually authenticate users and services on an open and unsecured network. It allows services to correctly identify the user of a Kerberos ticket without having to authenticate the user at the service. It does this by using shared secret keys.

A denial of service vulnerability exists in implementations of MIT Kerberos. The vulnerability is caused by incorrect handling of ticket renewal requests coming from a non-Windows Kerberos domain. When an MIT Kerberos user logs on to an Active Directory domain-joined machine, they are issued a Kerberos referral TGT (Ticket Granting Ticket) from the MIT Kerberos realm. Windows clients never attempt to renew this referral TGT. A remote attacker running a malicious Kerberos client could attempt to renew the referral TGT, which would result in a null pointer dereference inside LSASS.EXE on the domain controller, causing the domain controller to reboot.

Protection Overview

This protection will detect and block Kerberos renewal requests from a non-renewable connection.
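The check described above can be approximated on already-decoded Kerberos requests. The following is an added example, not Check Point's detection logic or code from this advisory: it assumes a packet dissector has produced records with the hypothetical fields `src`, `realm`, `msg_type` and `kdc_options`, uses the KDCOptions bit positions from RFC 4120, and treats "non-renewable" as "this client never asked that realm for a renewable ticket", which is an assumed heuristic.

```python
from dataclasses import dataclass

AS_REQ, TGS_REQ = 10, 12  # Kerberos msg-type values (RFC 4120)

def kdc_flag(bit):
    """KDCOptions is a 32-bit flag field whose bit 0 is the most significant bit."""
    return 1 << (31 - bit)

RENEWABLE = kdc_flag(8)   # 0x00800000: request asks for a renewable ticket
RENEW = kdc_flag(30)      # 0x00000002: request renews the presented ticket

@dataclass(frozen=True)
class KdcReq:             # hypothetical record produced by a packet dissector
    src: str
    realm: str
    msg_type: int
    kdc_options: int

def suspicious_renewals(requests):
    """Return TGS-REQs that set RENEW when the same client never asked that
    realm for a RENEWABLE ticket earlier in the stream (assumed heuristic)."""
    asked_renewable, alerts = set(), []
    for req in requests:
        if req.msg_type not in (AS_REQ, TGS_REQ):
            continue
        key = (req.src, req.realm)
        if req.msg_type == TGS_REQ and req.kdc_options & RENEW:
            if key not in asked_renewable:
                alerts.append(req)
        elif req.kdc_options & RENEWABLE:
            asked_renewable.add(key)
    return alerts

# Constructed sample traffic; addresses and realm names are made up.
SAMPLE = [
    KdcReq("10.0.0.11", "CORP.EXAMPLE", AS_REQ, 0x40810010),   # renewable requested
    KdcReq("10.0.0.11", "CORP.EXAMPLE", TGS_REQ, 0x00000002),  # ordinary renewal
    KdcReq("10.0.0.23", "MIT.EXAMPLE", AS_REQ, 0x40000000),    # forwardable only
    KdcReq("10.0.0.23", "CORP.EXAMPLE", TGS_REQ, 0x00000002),  # renewal, no renewable request seen
]

if __name__ == "__main__":
    for req in suspicious_renewals(SAMPLE):
        print(f"ALERT renew from {req.src} to realm {req.realm} "
              f"options=0x{req.kdc_options:08x}")
```

Because ticket flags travel encrypted, a passive monitor can only infer renewability from earlier requests, so alerts from this heuristic need correlation with domain controller logs before action is taken.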

To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab, and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70 / R65

  1. In the IPS tab, click Protections, find the Microsoft Active Directory-MIT Kerberos Null Pointer Dereference (MS10-014) protection using the Search tool, and edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Windows SMB Protection Violation.
Attack Information:  Microsoft Active Directory-MIT kerberos null pointer dereference (MS10-014)
