KDC DoS in cross-realm referral processing

A null pointer dereference has been reported in MIT krb5 release krb5-1.7 that allows an unauthenticated remote attacker to crash the KDC (DoS). If you are currently running this release, note that this is not a vulnerability in the Kerberos protocol. A patch and a workaround have been made available here.

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


ISC Handler
Dec 30th 2009
