MIT Kerberos KDC 'kdc_authdata.c' NULL Pointer Denial Of Service Vulnerability

MIT Kerberos is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference error.

To exploit this issue, an attacker sends a specially crafted Ticket Granting Server (TGS) request message to a vulnerable KDC service.

An authenticated attacker can exploit this issue to crash the KDC service, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed.

MIT Kerberos 5 1.8 through 1.8.3 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus