MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability

MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability

The Kerberos 5 Key Distribution Center (KDC) implementation of Kerberos is affected by a remote denial-of-service vulnerability. This issue arises because the application tries to free uninitialized memory at a random address when handling a remote request over TCP.

Specifically, the vulnerability arises when the application handles a principle name consisting of zero components.

All MIT Kerberos 5 releases up to and including krb5-1.4.1 are vulnerable. Third-party application servers employing Kerberos 5 may be affected as well.