MIT Kerberos 5 KDC Multiple Memory Corruption Based Information Disclosure Vulnerabilities
MIT Kerberos 5 KDC is prone to multiple information-disclosure vulnerabilities resulting from memory corruption.
These issues occur when KDC is configured to support Kerberos 4 and processes malformed krb4 messages.
An attacker can exploit these issues to obtain potentially sensitive information that will aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. Given the nature of these vulnerabilities, the attacker could leverage these issues to execute arbitrary code, but this has not been confirmed.
MIT Kerberos 5 version 1.6.3 KDC is vulnerable; other versions may also be affected.