Решено угроза или нет

  • Автор темы Автор темы Javac
  • Дата начала Дата начала

Javac

Участник
В логах чекпойнта увидел событие
Microsoft Active Directory-MIT Kerberos Null Pointer Dereference (MS10-014; CVE-2010-0035)
Не пойму что означает, это угроза или какое то ложное срабатывание??:openfile:
 
скорее уязвимость в Kerberos протоколе

The Kerberos protocol is used to mutually authenticate users and services on an open and unsecured network. It allows services to correctly identify the user of a Kerberos ticket without having to authenticate the user at the service. It does this by using shared secret keys.A denial of service vulnerability exists in implementations of MIT Kerberos.The vulnerability is caused by incorrect handling of ticket renewal requests coming from a non-Windows Kerberos domain. When an MIT Kerberos user logs on to an Active Directory domain joined machine, they will be issued a Kerberos referral TGT (Ticket Granting Ticket) from the MIT Kerberos realm. Windows clients will never attempt to renew this referral TGT. A remote attacker running a malicious Kerberos client could attempt to renew the referral TGT which would result in a null pointer dereference inside of LSASS.EXE on the domain controller causing the domain controller to reboot.
https://www.checkpoint.com/defense/advisories/public/2010/cpai-2010-030.html
 
атакующий может перезагрузить контроллер домена подменив tgt
 
Назад
Верх