19 May 2010
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
A vulnerability has been reported in MIT Kerberos 5 (krb5), which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused by a NULL pointer dereference in the GSS-API library when it processes certain Kerberos AP-REQ authenticators. The checksum field of an authenticator is optional in the protocol, and the library dereferences it without first checking that it is present. A client that sends an AP-REQ whose authenticator omits the checksum field can therefore crash kadmind or any other application that accepts GSS-API contexts with this library. Note that the authenticator is encrypted under the ticket session key, so the sender needs a valid service ticket for the target; this is why the issue is exploitable by (authenticated) users rather than by anonymous remote attackers.
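The following C program is an added illustration of the bug class described above; it is not MIT krb5's code, and its types, return codes and toy token encoding are assumptions made for the example. It models an acceptor that reads the optional checksum of a decoded authenticator: the vulnerable shape dereferences the pointer unconditionally, the hardened shape rejects the token when the field is absent, and a small decoder shows how "field omitted" becomes a NULL pointer before the acceptor ever sees it.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Simplified model of an AP-REQ Authenticator as a GSS-API acceptor sees it
 * after decoding. These types are assumptions for this example, not MIT
 * krb5's real types. In RFC 4120 the Authenticator's cksum field ([3]) is
 * OPTIONAL, so a decoder represents "absent" as a NULL pointer.
 */
typedef struct {
    int checksum_type;
    size_t length;
    const unsigned char *contents;
} model_checksum;

typedef struct {
    const char *client;
    const model_checksum *checksum;   /* NULL when the peer omitted the field */
} model_authenticator;

/* Return codes of the model acceptor (assumed, not GSS-API's major codes). */
enum { ACCEPT_OK = 0, ACCEPT_BAD_MECH = 1,
       ACCEPT_DEFECTIVE_TOKEN = 2, ACCEPT_DECODE_ERROR = 3 };

/* RFC 4121 checksum type carried in a GSS-API AP-REQ authenticator. */
#define GSS_AUTH_CKSUM_TYPE 0x8003

/* Vulnerable shape: assumes the OPTIONAL field is always present. */
int accept_vulnerable(const model_authenticator *auth)
{
    /* NULL pointer dereference when auth->checksum == NULL: the crash. */
    if (auth->checksum->checksum_type != GSS_AUTH_CKSUM_TYPE)
        return ACCEPT_BAD_MECH;
    return ACCEPT_OK;
}

/* Hardened shape: reject the token before touching the optional field. */
int accept_hardened(const model_authenticator *auth)
{
    if (auth->checksum == NULL)
        return ACCEPT_DEFECTIVE_TOKEN;
    if (auth->checksum->checksum_type != GSS_AUTH_CKSUM_TYPE)
        return ACCEPT_BAD_MECH;
    return ACCEPT_OK;
}

/*
 * Toy wire form, constructed for this example (NOT RFC 4120 DER):
 *   byte 0    : 0x01 if the checksum field is present, 0x00 if absent
 *   bytes 1-2 : big-endian checksum type, only when present
 * A real DER decoder leaves the cksum pointer NULL in the same way when
 * tag [3] is absent from the Authenticator SEQUENCE.
 */
int decode_model_authenticator(const unsigned char *buf, size_t len,
                               model_authenticator *out, model_checksum *storage)
{
    if (len < 1)
        return -1;
    out->client = "client@EXAMPLE.COM";   /* constructed placeholder */
    if (buf[0] == 0x00) {
        out->checksum = NULL;              /* field absent -> NULL pointer */
        return 0;
    }
    if (buf[0] != 0x01 || len < 3)
        return -1;
    storage->checksum_type = ((int)buf[1] << 8) | buf[2];
    storage->length = 0;
    storage->contents = NULL;
    out->checksum = storage;
    return 0;
}

/* Decode one token and run it through the hardened acceptor. */
int process_token_hardened(const unsigned char *buf, size_t len)
{
    model_authenticator auth;
    model_checksum storage;
    if (decode_model_authenticator(buf, len, &auth, &storage) != 0)
        return ACCEPT_DECODE_ERROR;
    return accept_hardened(&auth);
}

/* Constructed sample tokens. */
const unsigned char model_token_ok[]        = { 0x01, 0x80, 0x03 }; /* checksum present, type 0x8003 */
const unsigned char model_token_missing[]   = { 0x00 };             /* checksum omitted: the crash case */
const unsigned char model_token_wrongtype[] = { 0x01, 0x00, 0x07 }; /* present, but not the GSS type */

int main(void)
{
    printf("ok token         -> %d\n", process_token_hardened(model_token_ok, sizeof(model_token_ok)));
    printf("missing checksum -> %d\n", process_token_hardened(model_token_missing, sizeof(model_token_missing)));
    printf("wrong cksum type -> %d\n", process_token_hardened(model_token_wrongtype, sizeof(model_token_wrongtype)));
    /* accept_vulnerable() on the "missing" token would dereference NULL and crash the process. */
    return 0;
}
```

The point to carry over to real code: any protocol field marked OPTIONAL in the ASN.1 (or otherwise absent-able on the wire) must be tested for presence at the first use, and a token that is structurally valid but lacks what the mechanism requires should be rejected as defective rather than assumed well-formed.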
The vulnerability is reported in all releases up to and including krb5-1.8.1.
Apply patches. Reportedly, the vulnerability will be fixed in the upcoming krb5-1.8.2 release and in an upcoming release of the krb5-1.7 series. Because the flaw is in the shared GSS-API library, every service that accepts GSS-API contexts through it is affected, not only kadmind; after patching, restart those services so they pick up the rebuilt library.
Patch for krb5-1.6:
Patch for krb5-1.7 and krb5-1.8.1:
The vendor credits Shawn Emery, Oracle.