
Preface: Kerberos is built into all major operating systems, including those from Microsoft, Apple, Red Hat, and Sun. It is the default authentication protocol of Microsoft Active Directory and was even used by Xbox Live. LDAP is primarily used for managing and accessing directory data, while Kerberos is designed to provide authentication for client/server applications; in Active Directory the two work together, LDAP holding the account information and Kerberos proving the identity of the user or service.
Background: MIT krb5 is a free implementation of Kerberos 5.
It centralizes the authentication database on a Key Distribution Center (KDC), and Kerberized applications use tickets issued by the KDC to authenticate to Kerberos-enabled servers and services, giving single sign-on and encrypted communication on an internal network or across the Internet.
Remark: krb5 and krb5i are names of NFS security flavours (the sec= mount option) built on Kerberos. krb5 uses Kerberos for authentication only. krb5i uses Kerberos for authentication and adds an integrity checksum (a keyed hash) to each RPC so that tampering in transit is detected. A third flavour, krb5p, additionally encrypts the traffic for privacy.
Vulnerability detail: In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. The affected code is the GSS-API krb5 mechanism's processing of per-message tokens (the Wrap and MIC tokens defined in RFC 4121), whose headers carry length-related fields, such as the Extra Count (EC), that were not adequately validated against the size of the token actually received; a crafted token can therefore steer the parser past the end of the buffer. The usual consequence of such an out-of-bounds read is a crash of the receiving process (denial of service), and in some cases disclosure of adjacent memory. Message tokens are only processed on an established GSS security context, so the attacker is either the peer on that context or someone able to alter the plaintext token header in transit. The fix is in krb5 1.21.3; check an installed version with klist -V or krb5-config --version.
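To make the failure mode concrete, the following is an added example, not MIT krb5's code, that parses the 16-byte header of an RFC 4121 Wrap token twice: once the careless way, trusting the EC field, and once with every length derived from the header checked against the number of bytes received. The sample tokens are constructed for the demonstration (the 4-byte checksum is a placeholder, not a real keyed checksum), and the function, type and constant names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of the 16-byte RFC 4121 Wrap token header:
 *   0-1  TOK_ID   0x05 0x04
 *   2    Flags    0x01 SentByAcceptor, 0x02 Sealed, 0x04 AcceptorSubkey
 *   3    Filler   0xFF
 *   4-5  EC       Extra Count, big endian
 *   6-7  RRC      Right Rotation Count, big endian
 *   8-15 SND_SEQ  sequence number, big endian
 * For an unsealed (integrity-only) token the body is data || checksum and
 * EC is the checksum length; for a sealed token the body is ciphertext. */
#define WRAP_HDR_LEN 16
#define WRAP_TOK_ID  0x0504
#define FLAG_SEALED  0x02

enum wrap_status {
    WRAP_OK = 0,
    WRAP_ERR_TRUNCATED,  /* fewer than WRAP_HDR_LEN bytes received */
    WRAP_ERR_TOK_ID,     /* first two octets are not 0x05 0x04 */
    WRAP_ERR_FILLER,     /* octet 3 is not 0xFF */
    WRAP_ERR_EC_RANGE    /* EC claims more bytes than the body holds */
};

struct wrap_view {
    uint8_t  flags;
    uint16_t ec, rrc;
    uint64_t snd_seq;
    const uint8_t *body;  size_t body_len;   /* everything after the header */
    const uint8_t *data;  size_t data_len;   /* unsealed: body minus checksum */
    const uint8_t *cksum; size_t cksum_len;  /* unsealed: last EC bytes */
};

static uint16_t load16be(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint64_t load64be(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}

/* The bug class: trusting EC without comparing it to the bytes received.
 * Unsigned arithmetic wraps silently, so an EC larger than the body yields
 * a "data length" far beyond the buffer; code that later reads that many
 * bytes, or the checksum at body + data_len, reads out of bounds.
 * Illustrative only (hypothetical), not MIT krb5's code. */
size_t naive_unsealed_data_len(const uint8_t *tok, size_t len)
{
    uint16_t ec = load16be(tok + 4);
    return len - WRAP_HDR_LEN - ec;
}

/* Hardened parse: every length derived from the header is checked against
 * len before any pointer into the token is formed. */
enum wrap_status parse_wrap_token(const uint8_t *tok, size_t len, struct wrap_view *out)
{
    if (len < WRAP_HDR_LEN)           return WRAP_ERR_TRUNCATED;
    if (load16be(tok) != WRAP_TOK_ID) return WRAP_ERR_TOK_ID;
    if (tok[3] != 0xFF)               return WRAP_ERR_FILLER;

    memset(out, 0, sizeof *out);
    out->flags    = tok[2];
    out->ec       = load16be(tok + 4);
    out->rrc      = load16be(tok + 6);
    out->snd_seq  = load64be(tok + 8);
    out->body     = tok + WRAP_HDR_LEN;
    out->body_len = len - WRAP_HDR_LEN;

    if (out->ec > out->body_len)      return WRAP_ERR_EC_RANGE;

    if (!(out->flags & FLAG_SEALED)) {
        /* integrity-only: split the body into data and trailing checksum */
        out->data      = out->body;
        out->data_len  = out->body_len - out->ec;
        out->cksum     = out->body + out->data_len;
        out->cksum_len = out->ec;
    } else {
        /* sealed: the body must be un-rotated by RRC (reduced modulo
         * body_len) and decrypted before EC is applied; not shown here */
        out->data     = out->body;
        out->data_len = out->body_len;
    }
    return WRAP_OK;
}

/* Constructed sample tokens (not captured traffic). */
static const uint8_t GOOD_TOKEN[] = {
    0x05, 0x04, 0x00, 0xFF, 0x00, 0x04, 0x00, 0x00,   /* unsealed, EC=4, RRC=0 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,   /* SND_SEQ = 1 */
    'A', 'B', 'C', 'D',                               /* data */
    0xDE, 0xAD, 0xBE, 0xEF                            /* checksum placeholder */
};
static const uint8_t BAD_EC_TOKEN[] = {
    0x05, 0x04, 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00,   /* EC=65535, body is 8 bytes */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    'A', 'B', 'C', 'D', 0xDE, 0xAD, 0xBE, 0xEF
};
static const uint8_t SHORT_TOKEN[] = { 0x05, 0x04, 0x00, 0xFF, 0x00, 0x04, 0x00, 0x00 };

static struct wrap_view view;   /* scratch output shared with main() */

int main(void)
{
    enum wrap_status st = parse_wrap_token(GOOD_TOKEN, sizeof GOOD_TOKEN, &view);
    printf("good:   status %d, data_len %zu, cksum_len %zu\n", st, view.data_len, view.cksum_len);
    st = parse_wrap_token(BAD_EC_TOKEN, sizeof BAD_EC_TOKEN, &view);
    printf("bad EC: status %d (naive length would be %zu)\n", st,
           naive_unsealed_data_len(BAD_EC_TOKEN, sizeof BAD_EC_TOKEN));
    st = parse_wrap_token(SHORT_TOKEN, sizeof SHORT_TOKEN, &view);
    printf("short:  status %d\n", st);
    return 0;
}
```

The point of the hardened version is ordering: the header length, the token ID and the filler are checked before any header field is read, and EC is compared with the real body length before it is used to position the checksum pointer. The sealed case needs the same discipline for RRC once the ciphertext is un-rotated and decrypted, which this example leaves out.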
Official announcement: For details, please refer to the link: https://nvd.nist.gov/vuln/detail/CVE-2024-37371