GEN:SID 1:1898
Message EXPLOIT kadmind buffer overflow attempt
Summary This event is generated when an attempt is made to exploit
vulnerable versions of the Kerberos version 4 administration daemon
(kadmind).
Impact Serious. System compromize presenting the attacker with the opportunity to execute arbitrary code or gain unauthorized access to the target host along with other hosts in the kerberos realm.
Detailed Information kadmind is used to administer a Kerberos database on the master key distribution center (KDC) of a kerberos realm.

A buffer overflow condition exists in kadmind4 such that when the daemon parses a length value in an administration request the attacker can gain the ability to execute arbitrary code with the privileges of the user running the daemon, usually root.

Authentication is not required to cause the overflow.

Affected Systems:
    Multiple vendors using kadmind version 4
Affected Systems  
Attack Scenarios Exploit scripts are available
Ease of Attack Simple. Exploits are available.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References CERT:
http://www.cert.org/advisories/CA-2002-29.html
http://www.kb.cert.org/vuls/id/875073

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1235
Rule References bugtraq: 5731
bugtraq: 6024
cve: 2002-1226
cve: 2002-1235
url: www.kb.cert.org/vuls/id/875073