‘Krb5 kadmind Denial Of Service vulnerability’
‘The information has been provided by Sol Jerome.
The original article can be found at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt‘
* kadmind in MIT releases krb5-1.5 through krb5-1.6.3.
* kadmind in MIT release krb5-1.7
A legitimate user can trigger this crash by using a newer version of the kadmin protocol than the server supports.
This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol. This vulnerability is not present in modern releases of MIT krb5.
An authenticated remote attacker could crash the Kerberos administration daemon (kadmind), causing a denial of service.
The patch is available at: http://web.mit.edu/kerberos/advisories/2010-003-patch.txt
MIT krb5 Security Advisory 2010-003
Original release: 2010-04-06
Last update: 2010-04-06′