Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: KDC DoS in cross-realm referral processing SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
KDC DoS in cross-realm referral processing

If you are currently using MIT krb5 release krb5-1.7, a null pointer dereference has been reported where an unauthenticated remote attacker could cause the KDC to crash (DoS). This is not a vulnerability in the Kerberos protocol. A patch and a workaround has been made available here.

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


495 Posts
ISC Handler
Dec 30th 2009

Sign Up for Free or Log In to start participating in the conversation!