MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability

MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability

MIT Kerberos is prone to a memory-corruption vulnerability because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to crash Kerberos servers, including the 'kadmind' administration daemon. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level or superuser privileges, but this has not been confirmed.

Versions prior to Kerberos 5.17 and 5.1.6.4 are vulnerable.