MIT Kerberos Development Team Information for VU#661243

MIT Kerberos V5 KDC vulnerable to denial-of-service via null pointer dereference

Status

Affected

Vendor Statement

MIT recommends updating to release 1.2.5 or later, preferably to the latest release. Patches specifically to fix these problems are not available at this time.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The MIT Kerberos Development Team has published MIT krb5 Security Advisory 2003-001 to address this vulnerability. For more information, please see: