MIT Kerberos Development Team Information for VU#587579

MIT Kerberos V5 ASN.1 decoder fails to perform bounds checking on data element length fields

Status

Affected

Vendor Statement

MIT recommends updating to release 1.2.5 or later, preferably to the latest release. Patches specifically to fix these problems are not available at this time.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The MIT Kerberos Development Team has published MIT krb5 Security Advisory 2003-001 to address this vulnerability. For more information, please see: