MIT Kerberos Development Team Information for VU#787523

MIT Kerberos V5 KDC logging routines use unsafe format strings

Status

Affected

Vendor Statement

MIT recommends updating to release 1.2.5 or later, preferably to the latest release. Patches specifically to fix these problems are not available at this time.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The MIT Kerberos Development Team has published MIT krb5 Security Advisory 2003-001 to address this vulnerability. For more information, please see: