Kerberos Vulnerability

Archived from groups: microsoft.public.win2000.security (More info?)

MIT just released a double-free vulnerability in KDC and
libraries (http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt).
Cisco and Red Hat have responded
to this. Is this an issue that affects the Microsoft
implementation of Kerberos as well? If so, when can we
expect remediation?
 

Subscribe to Microsoft's Security Notification Service if you want to be kept up to
date with current security updates at the link below.

http://www.microsoft.com/technet/security/bulletin/notify.mspx

I don't know currently if it affects MS. Following other security procedures
including a properly configured firewall should minimize impact in the
meantime.

--- Steve

"Craig H" <anonymous@discussions.microsoft.com> wrote in message
news:423b01c49030$c80a3a80$a601280a@phx.gbl...
> MIT just released a double-free vulnerability in KDC and
> libraries (http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt).
> Cisco and Red Hat have responded
> to this. Is this an issue that affects the Microsoft
> implementation of Kerberos as well? If so, when can we
> expect remediation?
 

I am not positive but I doubt it. Most of the MIT vulns that have come out in
the last couple of years, actually I think every MIT vuln in the last couple of
years has not impacted Active Directory. MS does not use the MIT dist like
others do.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Craig H wrote:
> MIT just released a double-free vulnerability in KDC and
> libraries (http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt).
> Cisco and Red Hat have responded
> to this. Is this an issue that affects the Microsoft
> implementation of Kerberos as well? If so, when can we
> expect remediation?
 

In article <O#qlR6HkEHA.2812@tk2msftngp13.phx.gbl>, in the
microsoft.public.win2000.security news group, Joe Richards [MVP]
<humorexpress@hotmail.com> says...

>
> I am not positive but I doubt it. Most of the MIT vulns that have come out in
> the last couple of years, actually I think every MIT vuln in the last couple of
> years has not impacted Active Directory. MS does not use the MIT dist like
> others do.
>
>

It does not. Microsoft follows the MIT protocol specifications for
Kerberos, however, they do not use any of the MIT libraries. The
Kerberos in Windows is written completely from scratch by Microsoft.

--
Paul Adare
This posting is provided "AS IS" with no warranties, and confers no
rights.
 

circa Wed, 1 Sep 2004 07:34:26 -0700, in
microsoft.public.win2000.security, Craig H
(anonymous@discussions.microsoft.com) said,
> Is this an issue that affects the Microsoft
> implementation of Kerberos as well?
>
No.

Laura
--
Experience is the name every one gives to their mistakes.
-Oscar Wilde